# SCIM # Introduction to SCIM ## What is SCIM?

SCIM is a standard created to simplify user management in the cloud by defining a schema for representing users and groups with a REST API for all the necessary CRUD operations.

This standard could be extended to other resources like accounts, roles, etc. Soffid is compatible with SCIM 2 protocol but uses its owns schema for users, groups, roles and so one. That is why Soffid implements SCIM protocols (RFC7644 and EFC 7644), but not SCIM core schema (RFC7643). ## Information about SCIM

All the information about SCIM is published in the following link: [http://www.simplecloud.info/](http://www.simplecloud.info/)

Currently, the last available version of the standard is SCIM 2.0.

The most relevant link about the specification of this protocol is: [https://tools.ietf.org/html/rfc7644](https://tools.ietf.org/html/rfc7644)

## Use cases of SCIM SCIM could be used to create a new identity from third part application assign or revoke permissions, create or disable accounts, or even take part of new or existing workflows. You can leverage SCIM protocol to extend current Soffid functionality adapting the Identity Platform to your needs. ## Example of SCIM SCIM uses JSON specification for the data model containing the requests and responses. For instance, the data information of a user would be: ```JSON { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "userName": "bjensen", "externalId": "bjensen", "name": { "formatted": "Ms. Barbara J Jensen III", "familyName": "Jensen", "givenName": "Barbara" } } ``` SCIM also uses REST specification for HTTP communication between clients and servers. For instance, a request to create a user would be: ``` POST /Users HTTP/1.1 Host: example.com Accept: application/scim+json Content-Type: application/scim+json Authorization: Bearer h480djs93hd8 Content-Length: ... ``` The HTTP codes are very important in the responses. For instance: ``` HTTP/1.1 200 Response is ok HTTP/1.1 201 Resource created HTTP/1.1 404 Resource not found etc ``` # SCIM Operations ## HTTP Method
GET Retrieves one or more complete or partial resources.
POST Depending on the endpoint, creates new resources, creates a search request, or MAY be used to bulk-modify resources.
PUT Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT MUST NOT be used to create new resources.
PATCH Modifies a resource with a set of client-specified changes (partial update).
DELETE Deletes a resource.
### Get A HTTP Get request is used to fetch a resource or a set of resources. #### Read ``` http:///soffid/webservice/scim2/v1/{Resource}/{id} ``` - id: is the identifier of a specific resource #### Search ``` http:///soffid/webservice/scim2/v1/{Resource}/?filter={attribute}{op}{value}&sortBy={attributeName}&sortOrder={ascending|descending}&attributes={attributes} ``` - filter: allows you to add filter to query. - attribute - op: SCIM has support for the filter operations equals, contains, starts with, and more. - value - sortBy: the attribute used to sort the response. - sortOrder: order to sort, ascending or descending. Ascending is the default order. Also, you can asl for specific attributes of the resource - attributes={attributes} Example: ``` http:///soffid/webservice/scim2/v1/User?filter=lastName co ada and active eq true &sortOrder=descending&sortBy=userName&attributes=userName,lastName&filter=userName co admin ``` #### Sorting
**Parameter** **Description**
sortBySpecifies the attribute whose value will be used to order ther returned responses.
sortOrderAllowed values are "ascending" and "descending". If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default.
Sorting example: ``` http:///soffid/webservice/scim2/v1/User?sortBy=lastName&sortOrder=descending ``` #### Pagination
**Parameter** **Description**
startIndexIndex of the first query result. Default 1
countMaximun numer of query results per page
Pagination example: ```XML http:///soffid/webservice/scim2/v1/User?startIndex=1&count=10 ``` ```JSON { "totalResults":100, "itemsPerPage":10, "startIndex":1, "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "Resources":[{ ... }] } ``` ### Post A HTTP Post request is used to create a new resource ``` http:///soffid/webservice/scim2/v1/{Resource} ``` ``` Content-Type: application/json ``` You must send the JSON with the attributes of the resource you want to create. ```JSON { "schemas":[{schema}], "attribute1":"value1", "attribute2":"value2", "attribute3":{ "subattribute1":"valueX", "subattribute1":"valueX", }, ....... } ``` - schema: is the schema url of the resource you are creating. - attributes: name of the resource attributes. - values: values for each attribute. ### Put A HTTP Put request is used to update resources. This operation replace all values of the resource ``` http:///soffid/webservice/scim2/v1/{Resource}/{id} ``` ``` Content-Type: application/json ``` You must send the JSON with the attributes of the resource you want to update, which includes the ID. ```JSON { "schemas":[{schema}], "id": "idValue", "attribute1":"value1", "attribute2":"value2", "attribute3":{ "subattribute1":"valueX", "subattribute1":"valueX", }, ....... } ``` - schema: is the schema url of the resource you are creating. - id: identifier of the resource - attributes: name of the resource attributes. - values: values for each attribute. ### Patch A HTTP Patch request is used to update partial resources ``` http:///soffid/webservice/scim2/v1/{Resource}/{id} ``` ```JSON { "Operations": [ { "op": "operation", "path": "attribute", "value": "value" }, ............ ] } ``` - op: available operations to realize: - add: allows you to add a new value to an attribute. - remove: allows you to delete the value of an attribute. - replace: allows you to replace (update) the value of an attribute.

More information about the operations on [https://www.rfc-editor.org/rfc/rfc6902](https://www.rfc-editor.org/rfc/rfc6902)

- path: to indicate the attribute on which the operation is to be performed. - value: the new value for the attribute. ### Delete A HTTP Delete request is used to delete a resource. ``` http:///soffid/webservice/scim2/v1/{Resource}/{id} ``` - id: is the identifier of a specific resource ## Request In the PUT and PATCH methods, a JSON stream with the data model is required (please see this format in the following link: [ Resource data model](https://bookstack.soffid.com/books/scim/chapter/resource-data-model "Resource data model")). ## Response The response format will be represented as a SCIM JSON response, but all the keys in the response will depend on the method requested and the result of the operation. ### HTTP Status The most commons responses #### Successful Responses
200 OK
201
Created
204
No Content
#### Error Response
400 Bad Request
401
Unauthorized
403 Forbidden
404 Not Found
500
Internal Server Error
For instance, when you search by id but no resource is found, only a 404 HTTP code is included in the response (the body is empty, no JSON is provided). User cases: - Search by id but no resource is found (404 code). - Update all, the id is not found (404 code). - Update partial, the id is not found (404 code). - Delete, the id is not found (404 code). - A "/<resource>" (in the URL) not exist (404 code). - Other errors (404 or 500 code).

More detail about [SCIM JSON error](#bkmrk-scim-json-error)

## SCIM JSON Response ### SCIM JSON list For instance, when a list of resources is requested, this is the JSON output format: *Note, to simplify the JSON output every resource has been replaced by {...}* ```JSON { "totalResults": 3, "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "resources": [ {...}, {...}, {...} ] } ``` This is the description of this type of response:
Attribute
Description
totalResultsNumber of the resources returned in the response
schemasDefined by SCIM protocl. Always: "[urn:ietf:params:scim:api:messages:2.0:ListResponse](http://urnietfparamsscimapimessages:2.0:ListResponse)"
resources List of resources returned
User cases: - A list all operation (200 code). - A search by filter operation (200 code). - The delete operation (204 code). ### SCIM JSON resource For instance, when a resource by id is requested, this is the JSON format: *Note, to simplify the JSON output every resource has been replaced by {...}* ```JSON { "id": 11345 "organizational": true, ... } ``` In this case, the JSON stream of the resource is included directly in the response. User cases: - Search by id operations (200 code). - Successful create operations (201 code). - Successful complete update operations (200 code). - Successful partial update operations (200 code). ### SCIM JSON error For instance, if an attempt to delete a resource is made, but this resource is not found the following JSON response will be obtained: ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "detail": "User 1234 not found", "status": "404" } ``` This is the description of this type of response:
**Attribute**
**Description**
schemasDefined by SCIM protocl. Always: "[urn:ietf:params:scim:api:messages:2.0:Error](http://urnietfparamsscimapimessages:2.0:Error)"
detailReturns the description on the validation, problem, error, etc
statusIs the HTTP status, that is the same that the HTTP code of the HTTP response
User cases: - When you try to delete a resource but it's not found (404 code). - When you try to delete a group, the solution is to disable it by PATCH (500 code). - Generic errors (500 code). # SCIM Query syntax SCIM protocol provides a language to search and filter resources.

Please browse the standard specifications in this link: [https://tools.ietf.org/html/rfc7644#section-3.4.2.2](https://tools.ietf.org/html/rfc7644#section-3.4.2.2)

## Example To search all users having "John" as name: ```XML http:///webservice/scim2/v1/User/?filter=userName eq "John" ``` ## Use This feature can be used with the Search by filter operation. After the URL resource. the filter parameter with the language expression to apply must be added: **<URL>?filter=<expression>** Remember that in this case the HTTP method is GET.

The result always is a SCIM response list.

## Syntax ### Attribute operators
**Operator** **Description**
eq equal
eq\_ci case insensitive version of equal operator
ne not equal
co contains
sw starts with
ew ends with
pr present (has value)
gt greater than
ge greater than or equal to
lt less than
le less than or equal to
### Logical operators
**Operator** **Description**
and Logical "and"
or Logical "or"
not "Not" function
### Grouping operators
**Operator** **Description**
( ) Precedence grouping
\[ \] Complex attribute filter group
### Data values
**Data type** **Value**
NumbersUse the value without ", for example 1234
TextUse the value within ", for example "John"
DateUse the value within " with an ISO format, for example "2011-05-13T04:42:34Z"
BooleanUse \[ true | false \] (without ")
NullUse \[ null \] (without ")
### Filter examples ```shell filter=userName eq "admin" filter=userName ne "admin" filter=userName co "ad" filter=userName sw "a" filter=userName ew "n" filter=userName pr filter=id gt 1 filter=id ge 60 filter=id lt 1000 filter=id le 1188 filter=consoleProperties.id eq 229 filter=createdDate gt "2011-05-13T04:42:34Z" filter=id eq 60 and id eq 1188 filter=id eq 60 or id eq 1188 filter=firstName eq "Admin" and id eq 60 filter=firstName eq "Admin" or id eq 61 filter=primaryGroup eq "world" and (firstName co "John” or lastName co "Smith") filter=userName co "i" and (userName co "a" or userName co "s") filter=id eq 60 and (userName co "a" and consoleProperties.id eq 229) ``` ### Sorting Short is optional .
**Parameter** **Description**
sortBySpecifies the attribute whose value will be used to order ther returned responses.
sortOrderAllowed values are "ascending" and "descending". If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default.
Example: ```XML http:///webservice/scim2/v1/User?sortBy=lastName&sortOrder=descending ``` ### Pagination
**Parameter** **Description**
startIndexIndex of the first query result. Default 1
countMaximun numer of query results per page
Example: ```XML http:///webservice/scim2/v1/User?startIndex=1&count=10 ``` ```JSON { "totalResults":100, "itemsPerPage":10, "startIndex":1, "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "Resources":[{ ... }] } ``` # How to install SCIM in Soffid ## Installation ### Download Please download the Soffid SCIM add-on. You can download it at the following link [http://www.soffid.com/download/enterprise/](http://www.soffid.com/download/enterprise/) if you have Soffid user with authorization, or in the following [http://download.soffid.com/download/](http://download.soffid.com/download/) by registering. ### Upload Once the SCIM add-on is downloaded, please log in to IAM Console.

You need to be an administrator user of the Soffid console or a user with permissions to upload addons.

It is recommended to upload the addons to master, this is the way to maintain updated all, master and tenants if there are.

In the Soffid console, please go to: "Main Menu > Administration > Configure Soffid > Global Settings > Plugins" and upload the addon file, for more information visit the [Addons Getting started](https://bookstack.soffid.com/books/addons-getting-started/page/getting-started "Addons installation") page Finally, when the addon is installed, it will be required to restart the Soffid Console. ## Testing ### Confirm authorization To access to the SCIM REST web service, a user with correct authorization is required. First we can check the authorization created by the SCIM add-on: - Go to: Main Menu > Administration > Configure Soffid > Security settings > Authorizations - Filter by the field "name" with the value "scim" - Confirm that exists "scim:invoke" ### Confirm access Once a user is available to access SCIM functionality, testing is easily done with a browser. For example, to list groups. - Please introduce the next URL: http://<domain>/webservice/scim2/v1/Group (*note, you must replace "<domain>" for your Soffid IAM Console domain*). - Now a browser prompt requests the user and password for the authentication (note, you must use the user with the SCIM authorization). - Finally, if the response is something like a compact JSON (Chrome) or a download file (Firefox). Comments - One can use a REST client extension in the browser, for example, [RESTer](https://bookstack.soffid.com/link/118#bkmrk-rester) - One can show a JSON formatted with a browser extension, for example, JSONView (*note, it's necessary include the CONTENT-TYPE="application/scim+json" in the extension preferences*). # How to use SCIM in Soffid ## Introduction

Soffid has implemented a version of the SCIM protocol 2.0. Some optional recommendations have also been included to improve the usage of this specification within the Soffid context.

This functionality is available only by installing the SCIM add-on. This add-on is available in the download section of the Soffid website. ## Discovery Soffid provides some endpoints to discover supported features and specific attribute details: ### Service provider config This endpoint provides additional information about the Soffid SCIM implementation. ##### Request ```XML GET https:///soffid/webservice/scim2/v1/ServiceProviderConfig ``` ##### Response 200 OK ```JSON { "patch": { "supported": true }, "filter": { "maxResults": 1000, "supported": true }, "documentationUri": "https://bookstack.soffid.com/books/scim", "authenticationSchemes": [ { "documentationUri": "https://bookstack.soffid.com/book/scim", "name": "HTTP Basic", "description": "Authentication scheme using the HTTP Basic Standard", "specUri": "http://www.rfc-editor.org/info/rfc2617", "type": "httpbasic" } ], "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ServiceProvider", "resourceType": "ServiceProviderConfig" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig" ], "etag": { "supported": false }, "sort": { "supported": true }, "bulk": { "supported": false }, "changePassword": { "supported": true } } ``` ### Resources Types An endpoint used to discover the types of resources available. #### List resources types The SCIM protocol is focused on resource management, such as users, groups, accounts, etc. To know all the resources that Soffid provides you can use this REST web service: ##### Request ```XML GET https:///soffid/webservice/scim2/v1/ResourceTypes ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 20, "startIndex": 1, "Resources": [ { "schema": "urn:soffid:com.soffid.iam.api.Account", "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account", "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Account", "resourceType": "ResourceType" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ResourceType" ], "name": "Account", "description": "Account object", "id": "Account" }, { "schema": "urn:soffid:com.soffid.iam.api.Group", "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Group", "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Group", "resourceType": "ResourceType" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ResourceType" ], "name": "Group", "description": "Group object", "id": "Group" }, ............... ] } ``` #### Query resource type Specifies metadata about each resource. To query a specific resource type, you can use this REST web service: ##### Request ```XML GET http:///soffid/webservice/scim2/v1/ResourceTypes/{Resource} ``` Example ```XML GET http:///soffid/webservice/scim2/v1/ResourceTypes/User ``` ##### Response 200 OK ```JSON { "schema": "urn:soffid:com.soffid.iam.api.User", "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/User", "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/User", "resourceType": "ResourceType" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ResourceType" ], "name": "User", "description": "User object", "id": "User" } ``` ##### Response 404 ``` 404 Not Found ``` ### Schemas Schema definition for a specific resource. Request ``` GET http:///soffid/webservice/scim2/v1/Schemas/{Schema_URL} ``` Example ``` GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role ``` Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Role", "description": "Role object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "system", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "category", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "informationSystemName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "domain", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "bpmEnabled", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalStart", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalEnd", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Role" } ``` ##### Response 404 ``` 404 Not Found ``` ## Soffid Resources Soffid provides the following resources:
Resource
Description
[User](https://bookstack.soffid.com/link/126#bkmrk-page-title)Management of the users included in the Soffid solution. A user is an identity that represents only one person.
[Group](https://bookstack.soffid.com/link/127#bkmrk-page-title)Management of the groups included in the Soffid solution. A group could be part of a hierarchical group tree. Users are assigned to a primary group and optionally could be in some secondary groups.
[Account](https://bookstack.soffid.com/books/scim/page/account-resource "Account resource")Management of the accounts included in the Soffid solution. An account is a representation of one application access. A user may have a lot of accounts and may have some accounts for the same applications with different roles and restrictions.
[Application](https://bookstack.soffid.com/books/scim/page/application-resource "Application resource") Management of the applications (Information Systems from a functional point of view) included in the Soffid solution. Every agent (of an external system) manages these roles through one or more applications.
[Role](https://bookstack.soffid.com/books/scim/page/role-resource "Role resource") Management of the roles included in the Soffid solution. Every role is created in one application, so an application has a list of roles.
[GroupType](https://bookstack.soffid.com/link/131#bkmrk-page-title) Management of the GroupTypes included in the Soffid solution.
[UserType](https://bookstack.soffid.com/books/scim/page/user-type-resource "User type resource") Management of the GroupTypes included in the Soffid solution.
[GroupUser](https://bookstack.soffid.com/books/scim/page/groupuser-resource "GroupUser resource") Management of the GroupUsers included in the Soffid solution.
[RoleAccount](https://bookstack.soffid.com/books/scim/page/roleaccount-resource "RoleAccount resource") Management of the RoleAccounts included in the Soffid solution.
[Host](https://bookstack.soffid.com/books/scim/page/host-resource "Host resource") Management of the Hosts included in the Soffid solution.
[MailDomain](https://bookstack.soffid.com/books/scim/page/maildomain-resource "MailDomain resource") Management of the MailDomains included in the Soffid solution.
[MailList](https://bookstack.soffid.com/books/scim/page/maillist-resource "MailList resource") Management of the MailLists included in the Soffid solution.
[DomainValue](https://bookstack.soffid.com/books/scim/page/domainvalue-resource "DomainValue resource") Management of the DomainValues included in the Soffid solution.
[VaultFolder](https://bookstack.soffid.com/books/scim/page/vaultfolder-resource "VaultFolder resource") Management of the VaultFolders included in the Soffid solution.
[System](https://bookstack.soffid.com/books/scim/page/system-resource "System resource") Management of the Systems (Agents) included in the Soffid solution. Information storage system from a technical point of view.
[CustomObject](https://bookstack.soffid.com/books/scim/page/customobject-resource "CustomObject resource") Management of the CustomObjects included in the Soffid solution.
[TaskInstance](https://bookstack.soffid.com/books/scim/page/taskinstance-resource "TaskInstance resource") Management of the TaskInstances included in the Soffid solution.
[ProcessInstance](https://bookstack.soffid.com/books/scim/page/processinstance-resource "ProcessInstance resource") Management of the ProcessInstances included in the Soffid solution.
[ProcessDefinition](https://bookstack.soffid.com/books/scim/page/processdefinition-resource "ProcessDefinition resource") Management of the ProcessDefinition included in the Soffid solution.

You can view all resource data models and schemas on [Resource data model & schema](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema "Resource data model & schema") chapter

## Soffid Operations For every resource the following operations are available:
**Operation** **HTTP method** **URL example** **Description**
List all GET .../soffid/webservice/scim/<resource> List all resources
Search by id GET .../soffid/webservice/scim/<resource>/<id> Search the resource with the <id> specified
Search by filter GET .../soffid/webservice/scim/<resource>?filter=<filter-language> Search all resources that fulfil the <filter-language> filter (*please see filtering language here* [5. SCIM filter language](https://confluence.soffid.com/display/SOF/5.+SCIM+filter+language))
Create POST .../soffid/webservice/scim/<resource> Create a resource
Update all PUT .../soffid/webservice/scim/<resource>/<id> + <JSON in the body> Update all attributes specified in the JSON stream (*the attributes not included will be cleared*)
Update partial PATCH .../soffid/webservice/scim/<resource>/<id> + <JSON in the body> Update only the attributes specified in the JSON stream *(the other attributes will not be updated)*
Delete DELETE .../soffid/webservice/scim/<resource>/<id> Delete a resource
## HTTP request In every HTTP request the following HTTP header parameters are required:
**Parameter**
**Value**
**Description**
URLhttps://<your-domain>/soffid/webservice/scim/<resource>URL with the <resource> to be managed
Method\[ GET | POST | PUT | PATCH | DELETE \]Method allowed in SCIM REST protocol
Content-Typeapplication/scim+jsonSCIM specification
Acceptapplication/scim+jsonSCIM specification
AuthorizationBasic YWRtaW46Y2hhbmdlaXQ=Only BASIC authentication is implemented in this version. A Soffid user (+password) with SCIM access is required to generate this parameter
Accept-Language\[ EN | ES | CA | NL \]This parameter is OPTIONAL. The default language is EN
## HTTP codes The following HTTP codes are managed in the HTTP response:
**Code** **Status** **User case**
200 Ok After: list all, search by id, search by filter, update all, update partial
201 Created After: create
204 No content After: delete
404 Not found After: resource not found
500 Error After: internal error, PATCH DELETE
# Testing tool ## REST clients Any REST client may be used to test and consume our SCIM REST web service. ### RESTer In this case, we will show the usage with RESTer, a browser extension available for Chrome and Firefox.

This extension may be added from these links: [Chrome](https://chrome.google.com/webstore/detail/rester/eejfoncpjfgmeleakejdcanedmefagga), [Firefox](https://addons.mozilla.org/es/firefox/addon/rester/)

Once it's added to the browser, this tool is accessible from its toolbar icon: [![RestTer_1.png](https://bookstack.soffid.com/uploads/images/gallery/2021-05/scaled-1680-/restter-1.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-05/restter-1.png) This is the RESTer application window: [![RESTer_2.png](https://bookstack.soffid.com/uploads/images/gallery/2021-05/scaled-1680-/rester-2.png)](https://bookstack.soffid.com/uploads/images/gallery/2021-05/rester-2.png)

Remember to use the HTTP headers specified in SCIM in [SCIM in Soffid-HTTPrequest](https://bookstack.soffid.com/link/114#bkmrk-http-request)

Remember to use a user with authorization. See 8. How to use SCIM in [How to use SCIM in Soffid-Confirmauthorization](https://bookstack.soffid.com/link/120#bkmrk-confirm-authorizatio)

### Postman Postman is another REST client, you can use it as an extension of the browser, but we recommend the operating system application. # Resource data model & schema The data model of the Soffid objects is mapped to JSON objects to enable the data transport between client and server. # User resource ## /User ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/User.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/User.html)

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object. - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query schema It is allowed to consult all the User definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.User ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.User", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "User", "description": "User object", "attributes": [ { "subattributes": [ { "uniqueness": "none", "name": "NIF", "description": "NIF", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "PHONE", "description": "PHONE", "canonicalValues": [ "1", "2", "3" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "manager", "description": "Manager", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "Contrat_type", "description": "Contract type", "canonicalValues": [ "T", "I", "F", "S" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "RegisterServiceProvider", "description": "RegisterServiceProvider", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "EMAIL", "description": "External email", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ActivationKey", "description": "ActivationKey", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "picture", "description": "Fotografía", "mutability": "readWrite", "type": "binary", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "birthDate", "description": "Birth date", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "language", "description": "Languages spoken by the user", "canonicalValues": [ "Spanish", "English", "German" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "country", "description": "Country", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "uniqueness": "none", "name": "attributes", "description": "Custom attributes", "mutability": "readWrite", "type": "complex", "returned": "default", "multiValued": false }, { "uniqueness": "none", "name": "userName", "description": "User name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "firstName", "description": "First name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "lastName", "description": "Last Name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "middleName", "description": "Middle name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "fullName", "description": "Full name", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "userType", "description": "Type", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "primaryGroup", "description": "Primary group", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "homeServer", "description": "Home server", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "profileServer", "description": "Profile server", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "emailAddress", "description": "Internal eMail", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "mailAlias", "description": "Mail alias", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "mailServer", "description": "Mail server", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "active", "description": "Enabled", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "multiSession", "description": "Multi session", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "comments", "description": "Comments", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "createdByUser", "description": "Created by", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "createdDate", "description": "Created on", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "modifiedByUser", "description": "Modifid by", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "modifiedDate", "description": "Modified last on", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "subattributes": [ { "uniqueness": "none", "name": "domain", "description": "Password domain to be changed. By default, the DEFAULT domain is changed", "mutability": "writeOnly", "type": "string", "caseExact": true, "multiValued": false, "required": false }, { "uniqueness": "none", "name": "value", "description": "The password itself, in clear text", "mutability": "writeOnly", "type": "string", "caseExact": true, "multiValued": false, "required": true }, { "uniqueness": "none", "name": "expired", "description": "If not set to false, the user will be prompted to change it on next logon", "mutability": "readWrite", "type": "boolean", "caseExact": true, "multiValued": false, "required": false } ], "uniqueness": "none", "name": "password", "description": "Change current user password", "mutability": "writeOnly", "type": "complex", "caseExact": true, "multiValued": true, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.User" } ``` ## Full JSON example

Visit [SCIM User examples](https://bookstack.soffid.com/books/scim/page/scim-user-examples "SCIM User examples") page

# Group resource ## /Group ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Group.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Group.html)

Soffid allows you to add customized data to the group object. You can do that on the metadata option: - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the Group definitions using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Group ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Group", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Group", "description": "Group object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "driveLetter", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "parentGroup", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "type", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "driveServerName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "obsolete", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Group" } ``` ## Full JSON example

Visit [SCIM Group examples](https://bookstack.soffid.com/books/scim/page/scim-group-examples "SCIM Group examples") page

# Account resource ## /Account ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Account.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Account.html)

Soffid allows you to add customized data to the Account object. You can do that on metadata option: - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the Account definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Account ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Account", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Account", "description": "Account object", "attributes": [ { "uniqueness": "none", "name": "system", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "type", "canonicalValues": [ "U", "S", "P", "I" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "status", "canonicalValues": [ "a", "d", "FA", "FD", "r", "l" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "passwordPolicy", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "ownerGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "ownerUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "ownerRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "managerGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "managerUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "managerRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "grantedGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "grantedUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "grantedRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "serverType", "canonicalValues": [ "Windows", "Linux", "Database" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "serverName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "vaultFolderId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "inheritNewPermissions", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "loginUrl", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "loginName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "launchType", "canonicalValues": [ "S", "W", "P" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "jumpServerGroup", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "created", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lastLogin", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lastUpdated", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lastPasswordSet", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "passwordExpiration", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lockedBy", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "passwordStatus", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "subattributes": [ { "uniqueness": "none", "name": "value", "description": "The password itself, in clear text", "mutability": "writeOnly", "type": "string", "caseExact": true, "multiValued": false, "required": true }, { "uniqueness": "none", "name": "expired", "description": "If not set to false, the user will be prompted to change it on next logon", "mutability": "readWrite", "type": "boolean", "caseExact": true, "multiValued": false, "required": false } ], "uniqueness": "none", "name": "password", "description": "Change current account password", "mutability": "writeOnly", "type": "complex", "caseExact": true, "multiValued": false, "required": false }, { "uniqueness": "none", "name": "attributes", "mutability": "readWrite", "type": "complex", "caseExact": true, "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Account" } ``` ## Full JSON example

Visit [SCIM Account examples](https://bookstack.soffid.com/books/scim/page/scim-account-examples "SCIM Account examples") page

# Application resource ## /Application (addon version 1.2.0+) ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Application.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Application.html)

Soffid allows you to add customized data to the Application object. You can do that on metadata option: - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the Application definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Application ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Application", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Application", "description": "Application object", "attributes": [ { "uniqueness": "none", "name": "type", "canonicalValues": [ "container", "application", "business" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "parent", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "relativeName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "source", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "owner", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "executable", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "database", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ownerName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "bpmEnabled", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "notificationEmails", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalProcess", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleDefinitionProcess", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "singleRole", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Application" } ``` ## Full JSON example

Visit [SCIM Application examples](https://bookstack.soffid.com/books/scim/page/scim-application-examples "SCIM Application examples") page

# Role resource ## /Role (addon version 1.2.0+) ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Role.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Role.html)

Soffid allows you to add customized data to the Role object. You can do that on metadata option: - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query schema It is allowed to consult all the Role definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Role", "description": "Role object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "system", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "category", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "informationSystemName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "domain", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "bpmEnabled", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalStart", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalEnd", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Role" } ``` ## Full JSON example

Visit[ SCIM Role examples](https://bookstack.soffid.com/books/scim/page/scim-role-examples "SCIM Role examples") page

# Group type resource ## /OUType ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/OUType.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/OUType.html)

## Query Schema It is allowed to consult all the Group Type definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUType ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUType", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "OUType", "description": "OUType object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleHolder", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.OUType" } ``` ## Full JSON example

Visit [SCIM Group type examples](https://bookstack.soffid.com/books/scim/page/scim-group-type-examples "SCIM Group type examples") page

# User type resource ## /UserType ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/UserType.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/UserType.html)

## Query Schema It is allowed to consult all the User Type definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserType ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserType", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "UserType", "description": "UserType object", "attributes": [ { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "unmanaged", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true } ], "id": "urn:soffid:com.soffid.iam.api.UserType" } ``` ## Full JSON example

Visit [SCIM User type examples](https://bookstack.soffid.com/books/scim/page/scim-user-type-examples "SCIM User type examples") page

# GroupUser resource ## /GroupUser ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/GroupUser.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/GroupUser.html)

Soffid allows you to add customized data to the GroupUser object. You can do that on metadata option: - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the GroupUser definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUser ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUser", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "GroupUser", "description": "GroupUser object", "attributes": [ { "subattributes": [ { "uniqueness": "none", "name": "startDate", "description": "Start date (2)", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "comments", "description": "Comments", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "uniqueness": "none", "name": "attributes", "description": "Custom attributes", "mutability": "readWrite", "type": "complex", "returned": "default", "multiValued": false }, { "uniqueness": "none", "name": "user", "description": "User", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "group", "description": "Group", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true } ], "id": "urn:soffid:com.soffid.iam.api.GroupUser" } ``` ## Full JSON example

Visit [SCIM GroupUser examples](https://bookstack.soffid.com/books/scim/page/scim-groupuser-examples "SCIM GroupUser examples") page

# RoleAccount resource ## /RoleAccount ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/RoleAccount.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/RoleAccount.html)

## Query Schema It is allowed to consult all the RoleAccount definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ResourceTypes/RoleAccount ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.RoleAccount", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "RoleAccount", "description": "RoleAccount object", "attributes": [ { "uniqueness": "none", "name": "accountId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "accountName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "accountSystem", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleCategory", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "informationSystemName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleDescription", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "userFullName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "groupDescription", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "domainValue", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "system", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "userGroupCode", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "bpmEnforced", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "userCode", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ruleId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ruleDescription", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "sodRisk", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "sodRules", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "startDate", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "endDate", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "enabled", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "approvalPending", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "removalPending", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "holderGroup", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "approvalProcess", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "certificationDate", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "parentGrant", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "delegationStatus", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ownerAccount", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "delegateAccount", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "delegateSince", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "delegateUntil", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.RoleAccount" } ``` ## Full JSON example

Visit [SCIM RoleAccount examples](https://bookstack.soffid.com/books/scim/page/scim-roleaccount-examples "SCIM RoleAccount examples") page

# Host resource ## /Host ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Host.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Host.html)

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object. - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the Host definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Host ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Host", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Host", "description": "Host object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "networkCode", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dhcp", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ip", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "os", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "mail", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "office", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "mac", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "hostAlias", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "printersServer", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dynamicIp", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "serialNumber", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lastSeen", "mutability": "readOnly", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Host" } ``` ## Full JSON example

Visit [SCIM Host examples](https://bookstack.soffid.com/books/scim/page/scim-host-examples "SCIM Host examples") page

# MailList resource ## /MailList ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailList.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailList.html)

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object. - Main Menu > Administration > Configure Soffid > Global Settings > Metadata ## Query Schema It is allowed to consult all the MailList definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailList ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailList", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "MailList", "description": "MailList object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "domainName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lists", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "externalList", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "roleMembers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "groupMembers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "usersList", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "listsBelong", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "explodedUsersList", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.MailList" } ``` ## Full JSON example

Visit [SCIM MailList examples](https://bookstack.soffid.com/books/scim/page/scim-maillist-examples "SCIM MailList examples") page.

# MailDomain resource ## /MailDomain ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailDomain.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailDomain.html)

## Query Schema It is allowed to consult all the MailDomain definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomain ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomain", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "MailDomain", "description": "MailDomain object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "obsolete", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.MailDomain" } ``` ### Full JSON example

Visit [SCIM MailDomain examples](https://bookstack.soffid.com/books/scim/page/scim-maildomain-examples "SCIM MailDomain examples") page.

# Network resource ## /Network ## Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Network.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Network.html)

## Query Schema It is allowed to consult all the Network definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Network ``` ##### Response 200 ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Network", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Network", "description": "Network object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "ip", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "mask", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "lanAccess", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dhcp", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dhcpSupport", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "loginRestriction", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Network" } ``` ### Full JSON example

Visit [SCIM Network examples](https://bookstack.soffid.com/books/scim/page/scim-network-examples "SCIM Network examples") page.

# DomainValue resource ## /DomainValue ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/DomainValue.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/DomainValue.html)

## Query Schema It is allowed to consult all the DomainValue definition using the Schema query: ##### Request ```XML GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValue ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValue", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "DomainValue", "description": "DomainValue object", "attributes": [ { "uniqueness": "none", "name": "value", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "domainName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "externalCodeDomain", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.DomainValue" } ``` ## Full JSON example

Visit[ SCIM DomainValue examples](https://bookstack.soffid.com/books/scim/page/scim-domainvalue-examples "SCIM DomainValue examples") page.

# VaultFolder resource ## /VaultFolder ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/VaultFolder.html ](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/VaultFolder.html)

## Query Schema It is allowed to consult all the VaultFolder definitions using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolder ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolder", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "VaultFolder", "description": "VaultFolder object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "personal", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "parentId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "parentFolder", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "grantedGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "grantedUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "grantedRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "managerGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "managerUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "managerRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ownerGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ownerUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "ownerRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "navigateGroups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "navigateUsers", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "navigateRoles", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "accessLevel", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.VaultFolder" } ``` ## Full JSON example

Visit [SCIM VaultFolder examples](https://bookstack.soffid.com/books/scim/page/scim-vaultfolder-examples "SCIM VaultFolder examples") page.

# System resource ## /System ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/System.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/System.html)

## Query Schema It is allowed to consult all the System definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.System ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.System", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "System", "description": "System object", "attributes": [ { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "className", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "url", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "url2", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param0", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param1", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param2", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param3", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param4", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param5", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param6", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param7", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param8", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "param9", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "rolebased", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "trusted", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "userTypes", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "groups", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "groupsList", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "accessControl", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "passwordsDomainId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "passwordsDomain", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "usersDomain", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "readOnly", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "fullReconciliation", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "generateTasksOnLoad", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "databaseReplicaId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "authoritative", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "blobParam", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "timeStamp", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "authoritativeProcess", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "manualAccountCreation", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "sharedDispatcher", "mutability": "readWrite", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "threads", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "timeout", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "longTimeout", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "tenant", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.System" } ``` ## Full JSON example

Visit [SCIM System examples](https://bookstack.soffid.com/books/scim/page/scim-system-examples "SCIM System examples") page.

# CustomObject resource ## /CustomObject ## Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/CustomObject.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/CustomObject.html)

## Query Schema It is allowed to consult all the CustomObject definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObject ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObject", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "CustomObject", "description": "CustomObject object", "attributes": [ { "uniqueness": "none", "name": "id", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "name", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "type", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "attributes", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.CustomObject" } ``` ## Full JSON example

Visit [SCIM CustomObject examples](https://bookstack.soffid.com/books/scim/page/scim-customobject-examples "SCIM CustomObject examples") page.

# ProcessDefinition resource ## /ProcessDefinition ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessDefinition.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessDefinition.html)

## Query Schema It is allowed to consult all the ProcessDefinition definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "ProcessDefinition", "description": "ProcessDefinition object", "attributes": [ { "uniqueness": "none", "name": "version", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "tag", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "name", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "server", "name": "id", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "enabled", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "appliesTo", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "type", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "deployed", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "author", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" } ``` ## Full JSON example

Visit [SCIM ProcessDefinition examples](https://bookstack.soffid.com/books/scim/page/scim-processdefinition-examples "SCIM ProcessDefinition examples") page.

# ProcessInstance resource ## /ProcessInstance ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessInstance.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessInstance.html)

## QUery Schema It is allowed to consult all the ProcessInstance definitions using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstance ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstance", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "ProcessInstance", "description": "ProcessInstance object", "attributes": [ { "uniqueness": "server", "name": "id", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "description", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "start", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "end", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "variables", "mutability": "readWrite", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "currentTask", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "comments", "mutability": "readWrite", "type": "complex", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "processDefinition", "mutability": "immutable", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dummyProcess", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "transition", "mutability": "writeOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false } ], "id": "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" } ``` ### Full JSON example

Visit [SCIM ProcessInstance examples](https://bookstack.soffid.com/books/scim/page/scim-processinstance-examples "SCIM ProcessInstance examples") page.

# TaskInstance resource ## /TaskInstance ### Dictionary table

The diagram service model of the object: [https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/TaskInstance.html](https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/TaskInstance.html)

## Query Schema It is allowed to consult all the TaskInstance definition using the Schema query: ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstance ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstance", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "TaskInstance", "description": "TaskInstance object", "attributes": [ { "uniqueness": "server", "name": "id", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "processName", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "server", "name": "processId", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "processDefinition", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dummyTask", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "name", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "description", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "actorId", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "create", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "start", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "end", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "dueDate", "mutability": "readOnly", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "priority", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "cancelled", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "open", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "signalling", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "blocking", "mutability": "readOnly", "type": "boolean", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "swimlane", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "pooledActors", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "variables", "mutability": "readWrite", "type": "complex", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "transitions", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "transition", "mutability": "writeOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false } ], "id": "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" } ``` ## Full JSON example

Visit [SCIM TaskInstance examples](https://bookstack.soffid.com/books/scim/page/scim-taskinstance-examples "SCIM TaskInstance examples") page.

# Issue resource ## /Issue ### Dictionary table ## Query Schema It is allowed to consult all the Issue definition using the Schema query: ##### Request ```shell GET http:///soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Issue ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Issue", "resourceType": "Schema" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "name": "Issue", "description": "Issue object", "attributes": [ { "uniqueness": "none", "name": "number", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "created", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "type", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "description", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "times", "mutability": "readOnly", "type": "integer", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "status", "canonicalValues": [ "N", "A", "S", "D" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": true }, { "uniqueness": "none", "name": "acknowledged", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "solved", "mutability": "readWrite", "type": "dateTime", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "failedLoginPct", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "humanConfidence", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "system", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "otpDevice", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "exception", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "risk", "canonicalValues": [ "L", "H", "F", "N" ], "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "roleAccount", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "rule", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "jobName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "country", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "account", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "actor", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "loginName", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "hosts", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "users", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": true, "required": false }, { "uniqueness": "none", "name": "performedActions", "mutability": "readWrite", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false }, { "uniqueness": "none", "name": "requester", "mutability": "readOnly", "type": "string", "caseExact": true, "returned": "default", "multiValued": false, "required": false } ], "id": "urn:soffid:com.soffid.iam.api.Issue" } ``` ## Full JSON example

Visit [SCIM Issue examples](https://bookstack.soffid.com/books/scim/page/scim-issue-examples) page

# SCIM full examples # Previous steps Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in [How to use SCIM in Soffid # Installation](https://bookstack.soffid.com/link/120#bkmrk-installation) Please note that a user with the authentication is required, please check this part in [How to use SCIM in Soffid # Confirm authorization](https://bookstack.soffid.com/link/120#bkmrk-confirm-authorizatio) Please note that is recommended to use a REST client, please see our example in [Testing tool # RESTer](https://bookstack.soffid.com/link/118#bkmrk-rester) Please note that the correct header parameters must be used, please browse them in [SCIM in Soffid # HTTP request](https://bookstack.soffid.com/link/114#bkmrk-http-request) # SCIM User examples ## Operations This page shows the operations that can be performed for the user object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/User ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 64, "startIndex": 1, "Resources": [ { "lastName": "Pig", "profileServer": "null", "createdByUser": "hrms", "fullName": "Dad Pig", "active": true, "userName": "1", "mailAlias": "", "mailServer": "null", "firstName": "Dad", "createdDate": "2021-02-16 13:38:26", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477909", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'1'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'1'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'1'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-04 09:24:54", "attributes": {}, "id": 1477909, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" }, { "lastName": "SUZY", "profileServer": "null", "createdByUser": "hrms", "fullName": "Suzy SUZY", "active": true, "userName": "10", "mailAlias": "", "mailServer": "null", "firstName": "Suzy", "createdDate": "2021-02-16 13:38:27", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477931", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'10'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'10'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'10'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-05 14:11:37", "attributes": {}, "id": 1477931, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" }, { "lastName": "Rabbit", "profileServer": "null", "createdByUser": "hrms", "fullName": "Ricchard Rabbit", "active": true, "userName": "11", "mailAlias": "", "mailServer": "null", "firstName": "Ricchard", "createdDate": "2021-02-16 13:38:27", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477953", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'11'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'11'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'11'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-02-17 19:06:20", "attributes": {}, "id": 1477953, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" }, ....... ] } ``` ### List by filter List all users with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/User?filter=lastName co ada&sortOrder=descending&sortBy=userName ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 13, "startIndex": 1, "Resources": [ { "lastName": "ADAMS", "comments": "Changed", "profileServer": "null", "createdByUser": "soffid.bubu.lab", "fullName": "Wally ADAMS", "active": true, "userName": "wally", "mailAlias": "", "mailServer": "null", "firstName": "Wally", "createdDate": "2020-12-11 11:23:58", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1002599", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'wally'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'wally'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'wally'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-04-22 19:31:01", "attributes": { "RegisterServiceProvider": "anonymous", "manager": "admin", "PHONE": "2", "EMAIL": "wally5@test.com", }, "id": 1002599, "userType": "I", "homeServer": "null", "primaryGroupDescription": "Enterprise", "primaryGroup": "enterprise" }, { "lastName": "ADAMS", "comments": "Changed", "profileServer": "null", "createdByUser": "soffid.bubu.lab", "fullName": "Tina ADAMS", "active": true, "userName": "tina", "mailAlias": "", "mailServer": "null", "firstName": "Tina", "createdDate": "2020-12-11 12:22:07", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1004678", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'tina'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'tina'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'tina'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-04-22 19:11:17", "attributes": { "RegisterServiceProvider": "anonymous", "manager": "admin", "PHONE": "1", "EMAIL": "tina11@test.com", }, "id": 1004678, "userType": "I", "homeServer": "null", "primaryGroupDescription": "Enterprise", "primaryGroup": "enterprise" }, { "lastName": "ADAMS", "comments": "Changed", "profileServer": "null", "createdByUser": "soffid.bubu.lab", "fullName": "Teodoro ADAMS", "active": true, "userName": "ted", "mailAlias": "", "mailServer": "null", "firstName": "Teodoro", "createdDate": "2020-12-11 09:18:42", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1000190", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ted'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ted'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ted'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-02-04 15:44:42", "attributes": { "RegisterServiceProvider": "anonymous", "manager": "admin", "EMAIL": "test3@gmail.com", }, "id": 1000190, "userType": "I", "homeServer": "null", "primaryGroupDescription": "Enterprise", "primaryGroup": "enterprise" }, ......... ] } ``` ### Query by id Query a user by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/User/1057751 ``` ##### Response 200 OK ```JSON { "lastName": "Smith", "comments": "Changed", "createdByUser": "soffid.bubu.lab", "fullName": "John Smith", "active": true, "userName": "jsmith", "mailAlias": "", "firstName": "John", "createdDate": "2020-12-14 17:52:14", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1057751", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'jsmith'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'jsmith'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'jsmith'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-07 12:32:41", "attributes": { "RegisterServiceProvider": "anonymous", "manager": "admin", "EMAIL": "jsmith@test.com", "birthDate": "1970-05-26 00:00:00", "ActivationKey": "HPhl61lBlJ9fgcDtWyug0O15" }, "id": 1057751, "userType": "I", "primaryGroupDescription": "Help desk support team", "primaryGroup": "it" } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/User ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "userName": "ckelp", "firstName": "Cas", "lastName": "Kelp", "userType": "I", "primaryGroup": "world", "homeServer": "null", "mailServer": "null", "profileServer": "null", "active": true } ``` ##### Response 201 Created ```JSON { "lastName": "Kelp", "profileServer": "null", "createdByUser": "admin", "fullName": "Cas Kelp", "active": true, "userName": "ckelp", "mailAlias": "", "mailServer": "null", "firstName": "Cas", "createdDate": "2021-05-11 09:06:49", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665", "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-11 09:06:49", "attributes": {}, "id": 1976665, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value.

If you want to add users to a group, please visit [SCIM GroupUser examples](https://bookstack.soffid.com/books/scim/page/scim-groupuser-examples "SCIM GroupUser examples") page

##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/User/1976665 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "lastName", "value": "Casey" }, { "op": "replace", "path": "middleName", "value": "XX" } ] } ``` ##### Response 200 OK ```JSON { "lastName": "Casey", "profileServer": "null", "createdByUser": "admin", "fullName": "Casey Casey XX", "active": true, "userName": "ckelp", "mailAlias": "", "mailServer": "null", "firstName": "Casey", "createdDate": "2021-05-11 09:06:49", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-11 09:33:35", "middleName": "XX", "attributes": {}, "id": 1976665, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" } ``` #### #### Password change Password change request. Multiple domains can be specified adding new objects inside the first "value" key. In this example we update the password on a user so that the user doesn't have to change the password on the first logon ("passwordExpired" is false). ##### Request ```Rest PATCH https:///soffid/webservice/scim2/v1/User/568327 ``` ##### Body (JSON) ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "Operations": [ { "op": "replace", "path": "password", "value": [ {"domain": "DEFAULT", "value": "NewPass1234", "passwordExpired": false} ] } ] } ``` ##### Response 200 OK ```JSON { "lastName": "Peaky", "createdByUser": "admin", "fullName": "Familiar Peaky Primer", "active": true, "userName": "familiar1", "mailAlias": "", "firstName": "Familiar", "emailAddress": "familiar1@soffid.com", "mailDomain": "soffid.com", "createdDate": "2023-07-05 00:00:00", "multiSession": false, "meta": { "location": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/User/568327", "links": { "roleAccounts": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'familiar1'+and+enabled+eq+true", "groupUsers": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'familiar1'+and+disabled+eq+false", "accounts": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'familiar1'", "issues": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'familiar1'", "effectiveGrants": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/User/568327/effectiveGrants" }, "resourceType": "User" }, "modifiedByUser": "queries", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2024-05-15 09:46:28.714", "middleName": "Primer", "attributes": { "gepipId": "645cb2ed99e63065c76b51de", "RecoverKey": "unEVPLWQ2KLdocjmpGs2vO4uO6jL8m2VMChIypJCTUmMV867l1ZgEr5sAJBw5koJ0uOYOM3iCRC4568327", "email": "familiar1@soffid.com" }, "id": 568327, "userType": "E", "shortName": "familiar1", "primaryGroupDescription": "World", "primaryGroup": "world" } ``` ### Update all This operation replaces all values in the user. - Note that the attribute id is required to confirm that the resource "...User/<id>" is the same that the JSON user. - Note that all the attributes not included in the request will be cleared in the user and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/User/1976590 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "id": 1976665, "userName": "ckelp", "firstName": "Casey", "lastName": "Kelp", "userType": "I", "primaryGroup": "world", "homeServer": "null", "mailServer": "null", "profileServer": "null", "active": true } ``` ##### Response 200 OK ```JSON { "lastName": "Kelp", "profileServer": "null", "createdByUser": "admin", "fullName": "Casey Kelp", "active": true, "userName": "ckelp", "mailAlias": "", "mailServer": "null", "firstName": "Casey", "createdDate": "2021-05-11 09:06:49", "multiSession": false, "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1976665", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true", "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false", "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'" }, "resourceType": "User" }, "modifiedByUser": "admin", "schemas": [ "urn:soffid:com.soffid.iam.api.User" ], "modifiedDate": "2021-05-11 09:35:24", "attributes": {}, "id": 1976665, "userType": "I", "homeServer": "null", "primaryGroupDescription": "World Original", "primaryGroup": "world" } ``` ### Delete

Please note after this delete, the user has to be created again to use it in the following examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/User/1976665 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Group examples ## Operations This page shows the operations that can be performed for the group object. ### List all ##### Request ```XML GET http:///soffid/webservice/scim2/v1/Group ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 7, "startIndex": 1, "Resources": [ { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "world", "obsolete": false, "description": "World Original", "attributes": {}, "id": 83 }, { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/87", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'enterprise'+or secondaryGroup.group.name+eq+'enterprise'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'enterprise'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "enterprise", "obsolete": false, "description": "Enterprise", "parentGroup": "world", "attributes": {}, "id": 87 }, ...... ] } ``` ### List by filter List all groups with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```XML GET http:///soffid/webservice/scim2/v1/Group?filter=name co world ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "world", "obsolete": false, "description": "World Original", "attributes": {}, "id": 83 }, { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/485118", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world2'+or secondaryGroup.group.name+eq+'world2'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world2'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "world2", "obsolete": false, "description": "World Modified", "attributes": {}, "id": 485118 } ] } ``` ### Query by id Retrieve a group by its id (primary key). ##### Request ```XML GET http:///soffid/webservice/scim2/v1/Group/83 ``` ##### Response 200 OK ```JSON { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "world", "obsolete": false, "description": "World Original", "attributes": {}, "id": 83 } ``` ### Create ##### Request ```XML POST http:///soffid/webservice/scim2/v1/Group/ ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "EngineeringTeam", "description": "Enterprise engineering team", "parentGroup": "world" } ``` ##### Response 201 Created ```JSON { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559", "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "EngineeringTeam", "obsolete": false, "description": "Enterprise engineering team", "parentGroup": "world", "attributes": {}, "id": 1976559 } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value.

If you want to add users to a group, please visit [SCIM GroupUser examples](https://bookstack.soffid.com/books/scim/page/scim-groupuser-examples "SCIM GroupUser examples") page

##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/Group/1976559 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "description", "value": "Enterprise Engineering Group" }, { "op": "replace", "path": "type", "value": "CC" } ] } ``` ##### Response 200 OK ```JSON { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "EngineeringTeam", "obsolete": false, "description": "Enterprise Engineering Group", "parentGroup": "world", "attributes": {}, "id": 1976559, "type": "CC" } ``` ### Update all This operation replaces all values in the group. - Note that the attribute id is required to confirm that the resource "...Group/<id>" is the same that the JSON group. - Note that all the attributes not included in the request will be cleared in the group and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema). ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Group/1976559 ``` **JSON** ```JSON { "schemas": ["urn:soffid:com.soffid.iam.api.Group"], "id": 1976559, "name": "EngineeringTeam", "description": "Enterprise engineering team", "parentGroup": "world" } ``` ##### Response 200 OK ```JSON { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559", "links": { "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'", "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'" }, "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "EngineeringTeam", "obsolete": false, "description": "Enterprise engineering team", "parentGroup": "world", "attributes": {}, "id": 1976559 } ``` ### Delete

Please note that after this delete action, you will need to create again the group to use it in the next examples.

##### Request ```XML DELETE http:///soffid/webservice/scim2/v1/Group/1976559 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Account examples ## Operations This page shows the operations that can be performed for the account object ### List all List all accounts, disabled or not. ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Account ``` ##### Response 200 OK For example, after the Soffid installation, these are the available account. ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "lastLogin": "2021-05-10 13:00:40", "grantedRoles": [], "description": "Soffid Administrator", "type": "U", "ownerGroups": [], "oldName": "admin", "loginName": "admin", "inheritNewPermissions": false, "disabled": false, "id": 103, "managerGroups": [], "grantedGroups": [], "lastPasswordSet": "2021-05-05 11:32:14", "passwordExpiration": "2022-05-05 00:00:00", "passwordPolicy": "I", "accessLevel": "O", "managerRoles": [], "created": "2020-02-13 23:01:44", "system": "soffid", "ownerRoles": [], "meta": { "location": "http:///webservice/scim2/v1/Account/103", "links": { "roleAccounts": "http:///webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true", "users": "http:///webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103" }, "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "admin", "managerUsers": [], "attributes": {}, "status": "a", "ownerUsers": [ "admin" ], "grantedUsers": [] } ] } ``` ### List by filter List all accounts with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy pr ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "lastLogin": "2021-05-10 13:05:15", "grantedRoles": [], "description": "Soffid Administrator", "type": "U", "ownerGroups": [], "oldName": "admin2", "loginName": "admin", "inheritNewPermissions": false, "disabled": false, "id": 103, "managerGroups": [], "grantedGroups": [], "lastPasswordSet": "2021-05-05 11:32:14", "passwordExpiration": "2022-05-05 00:00:00", "passwordPolicy": "I", "accessLevel": "O", "managerRoles": [], "created": "2020-02-13 23:01:44", "system": "soffid", "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/103", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103" }, "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "admin", "managerUsers": [], "attributes": {}, "status": "a", "ownerUsers": [ "admin" ], "grantedUsers": [] }, { "passwordPolicy": "I", "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "created": "2021-03-04 22:37:21", "description": "Soffid test account", "type": "I", "system": "soffid", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587766", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766" }, "resourceType": "Account" }, "loginName": "admintest", "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "admintest", "inheritNewPermissions": false, "managerUsers": [ "dilbert", "dogbert" ], "disabled": false, "attributes": {}, "id": 1587766, "managerGroups": [], "grantedGroups": [], "status": "a", "ownerUsers": [ "admin" ], "grantedUsers": [] }, { "passwordPolicy": "I", "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "created": "2021-03-04 22:44:06", "description": "Soffid test account 2", "type": "I", "system": "soffid", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587776", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776" }, "resourceType": "Account" }, "loginName": "admintest2", "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "admintest2", "inheritNewPermissions": false, "managerUsers": [ "dilbert", "dogbert" ], "disabled": false, "attributes": {}, "id": 1587776, "managerGroups": [], "grantedGroups": [], "status": "a", "ownerUsers": [ "admin" ], "grantedUsers": [] } ] } ``` ### Query by id Query an account by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Account/1057754 ``` ##### Response 200 OK ```JSON { "passwordPolicy": "I", "grantedRoles": [], "accessLevel": "-", "managerRoles": [], "created": "2020-12-14 17:52:14", "description": "John Smith", "type": "U", "system": "idp", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1057754", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754" }, "resourceType": "Account" }, "loginName": "jsmith", "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "jsmith", "inheritNewPermissions": false, "managerUsers": [], "disabled": false, "attributes": {}, "id": 1057754, "managerGroups": [], "grantedGroups": [], "status": "a", "ownerUsers": [ "jsmith" ], "grantedUsers": [] } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/Account ``` **JSON** ```JSON { "schemas": ["urn:soffid:com.soffid.iam.api.Account"], "name": "Guest", "type": "I", "system": "soffid", "passwordPolicy": "I", "description": "Guest user", "inheritNewPermissions": false, "disabled": false } ``` ##### Response 201 Created ```JSON { "passwordPolicy": "I", "grantedRoles": [], "managerRoles": [], "description": "Guest user", "type": "I", "system": "soffid", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454", "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "Guest", "inheritNewPermissions": false, "managerUsers": [], "disabled": false, "attributes": {}, "id": 1976454, "managerGroups": [], "grantedGroups": [], "ownerUsers": [], "grantedUsers": [] } ``` ### Update partial Only attributes with changes will be updated, the others will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/Account/15455 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "Operations": [ { "op": "replace", "path": "description", "value": "Guest User" }, { "op": "replace", "path": "ownerUsers", "value": [ "admin" ] } ] } ``` ##### Response 200 OK ```JSON { "passwordPolicy": "I", "grantedRoles": [], "accessLevel": "-", "managerRoles": [], "created": "2021-05-10 13:08:05", "description": "Guest User", "type": "I", "system": "soffid", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454" }, "resourceType": "Account" }, "loginName": "Guest", "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "Guest", "inheritNewPermissions": false, "managerUsers": [], "disabled": false, "attributes": {}, "id": 1976454, "managerGroups": [], "grantedGroups": [], "status": "a", "ownerUsers": [ "admin" ], "grantedUsers": [] } ``` ### Update partial (password update) ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/Account/15455 ``` **JSON** **Option 1** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "Operations": [ { "op": "replace", "path": "password.value", "value": "123123" }, { "op": "replace", "path": "password.expired", "value": false } ] } ``` **Option 2** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "Operations": [ { "op": "replace", "path": "password", "value": { "value" : "123123", "expired" : false } } ] } ``` ##### Response 200 OK ```JSON { "lastLogin": "2023-06-29 14:30:29", "grantedRoles": [], "description": "Frankaaa Sinatra", "type": "U", "ownerGroups": [], "loginName": "frank", "inheritNewPermissions": false, "disabled": false, "id": 5366314, "managerGroups": [], "grantedGroups": [], "lastPasswordSet": "2023-06-29 14:30:37", "passwordExpiration": "2023-07-24 00:00:00", "passwordPolicy": "I", "accessLevel": "-", "managerRoles": [], "created": "2022-04-21 10:11:12", "hasSnapshot": false, "system": "soffid", "ownerRoles": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/5366314", "links": { "briefAudit": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Audit?filter=searchIndex+eq+'ACC%235366314'", "roleAccounts": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+5366314+and+enabled+eq+true", "users": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+5366314+or+accounts.account.id+eq+5366314" }, "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "frank", "managerUsers": [], "lastChange": "2023-06-05 15:05:16", "attributes": {}, "status": "a", "ownerUsers": [ "frank" ], "grantedUsers": [] } ``` ### Update all This operation replaces all values in the account. For example, we will update the description. - Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account. - Note that all the attributes not included in the request will be cleared in the account and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Account/1976454 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "id": 1976454, "name": "Guest", "type": "I", "system": "soffid", "passwordPolicy": "I", "description": "Guest Guest", "inheritNewPermissions": false, "disabled": false } ``` ##### Response 200 OK ```JSON { "passwordPolicy": "I", "grantedRoles": [], "managerRoles": [], "description": "Guest Guest", "type": "I", "system": "soffid", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454", "links": { "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true", "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454" }, "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "Guest", "inheritNewPermissions": false, "managerUsers": [], "disabled": false, "attributes": {}, "id": 1976454, "managerGroups": [], "grantedGroups": [], "status": "a", "ownerUsers": [], "grantedUsers": [] } ``` ### Delete

Please note after this delete, the account has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/Account/1976454 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Note: use of roles with domain values In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID\_OU\_DOMAIN and domains D2 and enterprise: ```JSON { "grantedRoles": [], "roles": [ { "informationSystemName": "SOFFID", "roleName": "SOFFID_OU_MANAGER", "id": 2236442, "roleDescription": "Business unit manager", "domainValue": "D2" }, { "informationSystemName": "SOFFID", "roleName": "SOFFID_OU_MANAGER", "id": 2236447, "roleDescription": "Business unit manager", "domainValue": "enterprise" } ], "description": "faith - faith MUYOYO", "type": { "value": "U" }, "lastUpdated": "2019-07-16T10:35:01+02:00", "ownerGroups": [], "inheritNewPermissions": false, "disabled": false, "id": 1727122, "grantedGroups": [], "managerGroups": [], "passwordPolicy": "I", "managerRoles": [], "created": "2019-07-16T10:26:16+02:00", "system": "soffid", "ownerRoles": [], "meta": { "location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122", "resourceType": "Account" }, "name": "faith", "managerUsers": [], "attributes": {}, "grantedUsers": [], "ownerUsers": [ { "lastName": "Smith", "createdByUser": "csv", "mailServer": "null", "nationalID": "", "multiSession": false, "modifiedByUser": "admin", "id": 1727113, "homeServer": "null", "primaryGroupDescription": "Entrprise", "primaryGroup": "enterprise", "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019", "profileServer": "null", "active": true, "fullName": "faith MUYOYO", "userName": "faith", "mailAlias": "", "firstName": "faith", "createdDate": "2019-07-16T10:26:16+02:00", "phoneNumber": "", "modifiedDate": "2019-12-12T17:06:42+01:00", "userType": "I" } ] } ``` ### Error response

For more infomation about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Application examples ## Operations This page shows the operations that can be performed for the application object (Information Systems from a functional point of view) ### List all ##### Request ```XML GET http:///webservice/scim2/v1/Application ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "parent": "Operation/Business 2", "relativeName": "SOFFID", "database": "", "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business 2/SOFFID", "description": "SOFFID Identity Manager", "singleRole": false, "attributes": {}, "id": 41, "type": "application" }, { "parent": "Operation/Business process", "relativeName": "ad", "database": "ad", "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business process/ad", "description": "Active Directory", "singleRole": false, "attributes": {}, "id": 391459, "type": "application" } ] } ``` ### List by filter List all application with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```XML GET http:///soffid/webservice/scim2/v1/Application?filter=description co SOFFID ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "parent": "Operation/Business 2", "relativeName": "SOFFID", "database": "", "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business 2/SOFFID", "description": "SOFFID Identity Manager", "singleRole": false, "attributes": {}, "id": 41, "type": "application" }, { "parent": "Operation/Business 2", "relativeName": "iam.soffid.com", "database": "iam.soffid.com", "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1836136", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/iam.soffid.com'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/iam.soffid.com'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business 2/iam.soffid.com", "description": "Discovered host iam.soffid.com", "singleRole": false, "attributes": {}, "id": 1836136, "type": "application" } ] } ``` ### Query by id Retrieve an application by its id (primary key). ##### Request ```XML GET http:///soffid/webservice/scim2/v1/Application/391459 ``` ##### Response 200 OK ```JSON { "parent": "Operation/Business process", "relativeName": "ad", "database": "ad", "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business process/ad", "description": "Active Directory", "singleRole": false, "attributes": {}, "id": 391459, "type": "application" } ``` ### Create To create an application (Information System). ##### Request ```XML POST http:///soffid/webservice/scim2/v1/Application/ ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "parent": "Operation/Business 2", "relativeName": "appBilling", "database": "", "bpmEnabled": false, "name": "Operation/Business 2/App Billing", "description": "Billing application", "singleRole": false, "attributes": {}, "type": "application" } ``` ##### Response 201 Created ```JSON { "parent": "Operation/Business 2", "relativeName": "App Billing", "database": "", "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515", "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business 2/App Billing", "description": "Billing application", "singleRole": false, "attributes": {}, "id": 1976515, "type": "application" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/Application/1976515 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "Operations": [ { "op": "replace", "path": "parent", "value": "Operation/Business process" }, { "op": "replace", "path": "name", "value": "Operation/Business process/App Billing" }, { "op": "replace", "path": "database", "value": "DDBBBilling" } ] } ``` ##### Response 200 OK ```JSON { "parent": "Operation/Business process", "relativeName": "App Billing", "database": "DDBBBilling", "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/App Billing'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/App Billing'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business process/App Billing", "description": "Billing application", "singleRole": false, "attributes": {}, "id": 1976515, "type": "application" } ``` ### Update all This operation replaces all values in the application. - Note that the attribute id is required to confirm that the resource "...Application/<id>" is the same that the JSON user. - Note that all the attributes not included in the request will be cleared in the application and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema). ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Application/1976515 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "id": 1976515, "parent": "Operation/Business 2", "relativeName": "appBilling", "database": "", "bpmEnabled": false, "name": "Operation/Business 2/App Billing", "description": "Billing application", "singleRole": false, "attributes": {}, "type": "application" } ``` ##### Response 200 OK ```JSON { "parent": "Operation/Business 2", "relativeName": "App Billing", "database": "", "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515", "links": { "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/App Billing'", "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/App Billing'" }, "resourceType": "Application" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Application" ], "name": "Operation/Business 2/App Billing", "description": "Billing application", "singleRole": false, "attributes": {}, "id": 1976515, "type": "application" } ``` ### Delete

Please note that after this delete action, you will need to create again the application to use it in the next examples.

##### Request ```XML DELETE http:///webservice/scim2/v1/Application/2236428 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Role examples ## Operations This page shows the operations that can be performed for the role object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Role ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "approvalEnd": "2021-02-26 13:19:36", "ownedRoles": [ { "informationSystem": "Operation/Business process/ad", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 393195, "mandatory": true, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/1563461", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "AD role", "hasDomain": false, "id": 1563461, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "AD role", "status": "A" }, { "informationSystem": "Operation/Business 2/SOFFID", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 393447, "mandatory": true, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "accounting_mgr", "hasDomain": false, "id": 501188, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "Accounting Manager", "status": "A" }, { "informationSystem": "Operation/Business process/ad", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 391535, "mandatory": true, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503759", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "g100", "hasDomain": false, "id": 503759, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "Desarrollo Circuito", "status": "A" }, { "informationSystem": "Operation/Business process/ad", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 391480, "mandatory": false, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "Group Policy Creator Owners", "hasDomain": false, "id": 501481, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "Members in this group can modify group policy for the domain", "status": "A" } ], "description": "SOFFID Administrator", "granteeGroups": [ { "system": "soffid", "informationSystem": "Operation/Business 2/SOFFID", "roleId": 63, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503848", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "SOFFID_ADMIN", "ownerGroup": "admingroup", "hasDomain": false, "id": 503848, "roleDescription": "SOFFID Administrator", "mandatory": true, "enabled": true } ], "informationSystemName": "Operation/Business 2/SOFFID", "password": false, "system": "soffid", "ownerGroups": [ { "organizational": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/91", "resourceType": "Group" }, "quota": "0", "schemas": [ "urn:soffid:com.soffid.iam.api.Group" ], "name": "admingroup", "obsolete": false, "description": "Enterprise Administrators Group", "parentGroup": "enterprise", "attributes": {}, "id": 91 } ], "ownerRoles": [ { "informationSystem": "Operation/Business 2/SOFFID", "ownerRole": 392727, "ownerRoleDescription": "Business Services", "roleId": 63, "mandatory": true, "enabled": true, "ownerSystem": "ad", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501606", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "SOFFID_ADMIN", "hasDomain": false, "id": 501606, "ownerRoleName": "share-15000", "roleDescription": "SOFFID Administrator", "status": "A" } ], "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/63", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "SOFFID_ADMIN", "approvalStart": "2021-02-26 13:19:36", "attributes": {}, "id": 63, "enableByDefault": true }, { "ownedRoles": [], "description": "Soffid vault owner", "granteeGroups": [], "informationSystemName": "Operation/Business 2/SOFFID", "password": false, "system": "soffid", "ownerGroups": [], "ownerRoles": [], "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/790961", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "SOFFID_OWNER", "attributes": {}, "id": 790961, "enableByDefault": false }, ............. ] } ``` ### List by filter List all roles with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Role?filter=ownerRoles.name eq SOFFID_ADMIN ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "ownedRoles": [], "description": "Accounting Manager", "granteeGroups": [], "informationSystemName": "Operation/Business 2/SOFFID", "password": false, "system": "ad", "ownerGroups": [], "ownerRoles": [ { "informationSystem": "Operation/Business 2/SOFFID", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 393447, "mandatory": true, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "accounting_mgr", "hasDomain": false, "id": 501188, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "Accounting Manager", "status": "A" } ], "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393447", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "accounting_mgr", "attributes": {}, "id": 393447, "enableByDefault": false }, { "ownedRoles": [], "description": "Members in this group can modify group policy for the domain", "granteeGroups": [], "informationSystemName": "Operation/Business process/ad", "password": false, "system": "ad", "ownerGroups": [], "ownerRoles": [ { "informationSystem": "Operation/Business process/ad", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 391480, "mandatory": false, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "Group Policy Creator Owners", "hasDomain": false, "id": 501481, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "Members in this group can modify group policy for the domain", "status": "A" } ], "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/391480", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "Group Policy Creator Owners", "attributes": {}, "id": 391480, "enableByDefault": false }, ............. ] } ``` ### Query by id Query a role by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Role/393195 ``` ##### Response 200 OK ```JSON { "approvalEnd": "2021-02-04 15:39:05", "ownedRoles": [], "description": "AD role", "granteeGroups": [], "informationSystemName": "Operation/Business process/ad", "password": false, "system": "ad", "ownerGroups": [], "ownerRoles": [ { "informationSystem": "Operation/Business process/ad", "ownerRole": 63, "ownerRoleDescription": "SOFFID Administrator", "roleId": 393195, "mandatory": true, "enabled": true, "ownerSystem": "soffid", "system": "ad", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/1563461", "resourceType": "RoleGrant" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleGrant" ], "roleName": "AD role", "hasDomain": false, "id": 1563461, "ownerRoleName": "SOFFID_ADMIN", "roleDescription": "AD role", "status": "A" } ], "bpmEnabled": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393195", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "AD role", "approvalStart": "2021-02-04 15:39:05", "attributes": {}, "id": 393195, "enableByDefault": false } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/Role ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "App Billing Role", "description": "Role Admin for Billing application", "informationSystemName": "Operation/Business 2/App Billing", "system": "test", "password": false, "bpmEnabled": false, "enableByDefault": false, "granteeGroups": [], "ownedRoles": [], "ownerGroups": [], "ownerRoles": [] } ``` ##### Response 201 Created ```JSON { "ownedRoles": [], "description": "Role Admin for Billing application", "granteeGroups": [], "informationSystemName": "Operation/Business 2/App Billing", "password": false, "system": "test", "ownerGroups": [], "ownerRoles": [], "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "App Billing Role", "attributes": {}, "id": 1976590, "enableByDefault": false } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/Role/1976590 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "Operations": [ { "op": "replace", "path": "system", "value": "soffid" } ] } ``` ##### Response 200 OK ```JSON { "ownedRoles": [], "description": "Role Admin for Billing application", "granteeGroups": [], "informationSystemName": "Operation/Business 2/App Billing", "password": false, "system": "soffid", "ownerGroups": [], "ownerRoles": [], "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "App Billing Role", "attributes": {}, "id": 1976590, "enableByDefault": false } ``` ### Update all This operation replaces all values in the role. - Note that the attribute id is required to confirm that the resource "...Role/<id>" is the same that the JSON role. - Note that all the attributes not included in the request will be cleared in the role and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Role/1976590 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "id": 1976590, "name": "App Billing", "description": "Role Admin for Billing application", "informationSystemName": "Operation/Business 2/App Billing", "system": "test", "password": false, "bpmEnabled": false, "enableByDefault": false, "granteeGroups": [], "ownedRoles": [], "ownerGroups": [], "ownerRoles": [] } ``` ##### Response 200 OK ```JSON { "ownedRoles": [], "description": "Role Admin for Billing application", "granteeGroups": [], "informationSystemName": "Operation/Business 2/App Billing", "password": false, "system": "test", "ownerGroups": [], "ownerRoles": [], "bpmEnabled": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590", "resourceType": "Role" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "App Billing", "attributes": {}, "id": 1976590, "enableByDefault": false } ``` ### Delete

Please note after this delete, the role has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/Role/1976590 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

## Notes ### Note: use of roles with domain values In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID\_OU\_DOMAIN and domains D2 and enterprise: ```JSON { "grantedRoles": [], "roles": [ { "informationSystemName": "SOFFID", "roleName": "SOFFID_OU_MANAGER", "id": 2236442, "roleDescription": "Business unit manager", "domainValue": "D2" }, { "informationSystemName": "SOFFID", "roleName": "SOFFID_OU_MANAGER", "id": 2236447, "roleDescription": "Business unit manager", "domainValue": "enterprise" } ], "description": "faith - faith MUYOYO", "type": { "value": "U" }, "lastUpdated": "2019-07-16T10:35:01+02:00", "ownerGroups": [], "inheritNewPermissions": false, "disabled": false, "id": 1727122, "grantedGroups": [], "managerGroups": [], "passwordPolicy": "I", "managerRoles": [], "created": "2019-07-16T10:26:16+02:00", "system": "soffid", "ownerRoles": [], "meta": { "location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122", "resourceType": "Account" }, "name": "faith", "managerUsers": [], "attributes": {}, "grantedUsers": [], "ownerUsers": [ { "lastName": "Smith", "createdByUser": "csv", "mailServer": "null", "nationalID": "", "multiSession": false, "modifiedByUser": "admin", "id": 1727113, "homeServer": "null", "primaryGroupDescription": "Entrprise", "primaryGroup": "enterprise", "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019", "profileServer": "null", "active": true, "fullName": "faith MUYOYO", "userName": "faith", "mailAlias": "", "firstName": "faith", "createdDate": "2019-07-16T10:26:16+02:00", "phoneNumber": "", "modifiedDate": "2019-12-12T17:06:42+01:00", "userType": "I" } ] } ``` ### Notes about role domains By default, roles have no security domain (sometimes referred to as scope). When a security domain is assigned to a role, each account-role object is tagged with the proper security domain value. It is allowed to assign one role multiple times to the same user, as long as each assignment is tagged with a different security domain value. For instance, one can create the SOFFID\_OU\_MANAGER role bound to the GROUPS security domain. Then, you can assign the role SOFFID\_OU\_MANAGER/Group1 to any user. Four kind of security domains are available: - SENSE\_DOMAIN: No security domain applies - GROUP: A business unit is bound to each grant of this role - APLICATION: A information sysstem is bound to each grant of this role - Custom domain: Each application can have its own security domains with arbitrary meanings. To set or modify the role domain for a role, one can use the "domain" attribute. This attribute is a complex object composed of a name and a description. Only the name is mandatory. ### Notes about role inheritance Role inheritance is driven by the ownedRoles, ownerRoles and ownedGroups. Each of these attributes is an array of grants. Each grant has the following attributes: - ownerRole: id of owner role. - ownerSystem: name of owner role's system. - ownerRoleName: name of owner role's name. - ownerRolDomainValue: security domain of the owner role. If a user is granted with the owner role, and the ownerRolDomainValue does not match the grant domain, the inheritance rule does not apply. - roleId: id of owned role. - system: name of owned role's system - roleName: name of owned role's name - domainValue: security domain of the owned role. The role inheritance can vary slightly depending on whether the owned role and the owner role are in the same domain or not:
**Resulting domain value**
**Owner role has no domain**
**Owner role has a different domain**
**Same domain**
Domain value not specifiedBlankBlankOwner role domain value
Domain value specifiedSpecified valueSpecified valueSpecified value
### # SCIM Group type examples ## Operations This page shows the operations that can be performed for the Group Type object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OUType ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "CC", "description": "Cost Center", "id": 504761 }, { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504762", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "PC", "description": "Productive center", "id": 504762 } ] } ``` ### List by filter List all group types with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OUType?filter=description co Cost ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "CC", "description": "Cost Center", "id": 504761 } ] } ``` ### Query by id Query a group type by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OUType/504761 ``` ##### Response 200 OK ```JSON { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "CC", "description": "Cost Center", "id": 504761 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/OUType ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Role" ], "name": "App Billing Role", "description": "Role Admin for Billing application", "informationSystemName": "Operation/Business 2/App Billing", "system": "test", "password": false, "bpmEnabled": false, "enableByDefault": false, "granteeGroups": [], "ownedRoles": [], "ownerGroups": [], "ownerRoles": [] } ``` ##### Response 201 Created ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "NewOU", "description": "New OU" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/OUType/1976710 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "name", "value": "OU" } ] } ``` ##### Response 200 OK ```JSON { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "OU", "description": "New OU", "id": 1976710 } ``` ### Update all This operation replaces all values in the group type. - Note that the attribute id is required to confirm that the resource "...OUType/<id>" is the same that the JSON group type. - Note that all the attributes not included in the request will be cleared in the group type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Role/1976590 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "id": 1976710, "name": "ChangeOU" } ``` ##### Response 200 OK ```JSON { "roleHolder": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710", "resourceType": "OUType" }, "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "name": "ChangeOU", "id": 1976710 } ``` ### Delete

Please note after this delete, the group type has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/OUType/1976710 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM User type examples ## Operations This page shows the operations that can be performed for the user type object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/UserType ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "S", "description": "SSO account (USE IT)", "id": 29 }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/31", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "E", "description": "External user", "id": 31 }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "I", "description": "Internal user", "id": 33 } ] } ``` ### List by filter List all user types with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/UserType?filter=description co sso ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "S", "description": "SSO account (USE IT)", "id": 29 } ] } ``` ### Query by id Query a user type by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/UserType/33 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "I", "description": "Internal user", "id": 33 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/UserType ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "O", "description": "Other user", "unmanaged": false } ``` ##### Response 201 Created ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "O", "description": "Other user", "id": 1976718 } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/UserType/1976718 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "name", "value": "OT" } ] } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "OT", "description": "Other user", "id": 1976718 } ``` ### Update all This operation replaces all values in the roole. - Note that the attribute id is required to confirm that the resource "...UserType/<id>" is the same that the JSON user type. - Note that all the attributes not included in the request will be cleared in the user type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/UserType/1976718 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.OUType" ], "id": 1975535, "name": "OY" } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718", "resourceType": "UserType" }, "unmanaged": false, "schemas": [ "urn:soffid:com.soffid.iam.api.UserType" ], "name": "OY", "id": 1976718 } ``` ### Delete

Please note after this delete, the user type has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/UserType/1976718 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM GroupUser examples ## Operations This page shows the operations that can be performed for the object that establishes the relationship between groups and users. You can add, delete and or modify users in a group. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/GroupUser ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 25, "startIndex": 1, "Resources": [ { "groupDescription": "Enterprise", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/480412", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2020-07-02 12:14:48", "fullName": "test User", "disabled": false, "attributes": {}, "id": 480412, "user": "test2", "primaryGroup": false, "group": "enterprise" }, { "groupDescription": "World Modified", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/503629", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2020-08-06 15:52:12", "fullName": "test User", "end": "2021-02-26 13:05:44", "disabled": true, "attributes": {}, "id": 503629, "user": "test2", "primaryGroup": false, "group": "world2" }, { "groupDescription": "Enterprise Administrators Group", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1182887", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2020-12-31 16:48:58", "fullName": "John Smith", "disabled": false, "attributes": { "comments": "This is a test", "startDate": "2021-01-01 00:00:00" }, "id": 1182887, "user": "jsmith", "primaryGroup": false, "group": "admingroup" }, ........... ] } ``` ### List by filter List all GroupUsers with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/GroupUser?filter=groupDescription eq "Help desk support team" ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 15, "startIndex": 1, "Resources": [ { "groupDescription": "Help desk support team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1519688", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2021-02-20 17:59:15", "fullName": "Dilbert ADAMS .", "end": "2021-03-12 10:38:42", "disabled": true, "attributes": { "comments": "Comments", "startDate": "2021-02-20 00:00:00" }, "id": 1519688, "user": "dilbert", "primaryGroup": false, "group": "it" }, { "groupDescription": "Help desk support team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2021-05-05 12:49:51", "fullName": "John Smith", "disabled": false, "attributes": { "startDate": "2021-05-04 00:00:00" }, "id": 1974296, "user": "jsmith", "primaryGroup": false, "group": "it" }, ............... ] } ``` ### Query by id Query a GroupUser by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/GroupUser/1974296 ``` ##### Response 200 OK ```JSON { "groupDescription": "Help desk support team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2021-05-05 12:49:51", "fullName": "John Smith", "disabled": false, "attributes": { "startDate": "2021-05-04 00:00:00" }, "id": 1974296, "user": "jsmith", "primaryGroup": false, "group": "it" } ``` ### Create This option allows you to add a user to a specific group. #### Request ```XML POST http:///soffid/webservice/scim2/v1/GroupUser ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "group": "it", "groupDescription": "Help desk support team", "user": "ckelp", "fullName": "Casey Kelp", "primaryGroup": true, "attributes": {} } ``` ##### Response 201 Created ```JSON { "groupDescription": "Help desk support team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2021-05-11 10:39:23", "fullName": "Casey Kelp", "disabled": false, "attributes": {}, "id": 1976741, "user": "ckelp", "primaryGroup": true, "group": "it" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "groupDescription", "value": "Enterprise engineering team" }, { "op": "replace", "path": "group", "value": "EngineeringTeam" } ] } ``` ##### Response 200 OK ```JSON { "groupDescription": "Enterprise engineering team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "start": "2021-05-11 10:39:23", "fullName": "Casey Kelp", "disabled": false, "attributes": {}, "id": 1976741, "user": "ckelp", "primaryGroup": true, "group": "EngineeringTeam" } ``` ### Update all This operation replaces all values in the GroupUser. - Note that the attribute id is required to confirm that the resource "...GroupUser/<id>" is the same that the JSON GroupUser. - Note that all the attributes not included in the request will be cleared in the GroupUser type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "id": 1976741, "group": "it", "groupDescription": "Help desk support team", "user": "ckelp", "fullName": "Casey Kelp", "primaryGroup": true, "attributes": {} } ``` ##### Response 200 OK ```JSON { "groupDescription": "Help desk support team", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741", "resourceType": "GroupUser" }, "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "fullName": "Casey Kelp", "disabled": false, "attributes": {}, "id": 1976741, "user": "ckelp", "primaryGroup": true, "group": "it" } ``` ### Delete This option allows you to remove a user from a specific group.

Please note after this delete, the group user has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM RoleAccount examples ## Operations This page shows the operations that can be performed for the object that establishes the relationship between roles and accounts. You can assign, revoke and or modify roles to an account. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/RoleAccount ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3530, "startIndex": 1, "itemsPerPage": 100, "Resources": [ { "certificationDate": "2020-02-13 23:01:44", "accountSystem": "soffid", "accountName": "admin", "userGroupCode": "admingroup", "approvalPending": false, "userFullName": "Soffid Administrator", "bpmEnforced": "S", "userCode": "admin", "enabled": true, "accountId": 103, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_ADMIN", "removalPending": false, "id": 110, "roleDescription": "SOFFID Administrator", "startDate": "2020-02-13 12:00:00" }, { "certificationDate": "2020-12-15 10:48:44", "accountSystem": "soffid", "accountName": "admin", "userGroupCode": "admingroup", "approvalPending": false, "userFullName": "Soffid Administrator", "bpmEnforced": "N", "userCode": "admin", "ruleDescription": "Grants soffid user role to everyone", "enabled": true, "accountId": 103, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1059370", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_USER", "removalPending": false, "id": 1059370, "ruleId": 1059365, "roleDescription": "Soffid user", "startDate": "2020-12-15 00:00:00" }, ................ ] } ``` ### List by filter List all RoleAccounts with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/soffid/webservice/scim2/v1/RoleAccount?filter=enabled eq true and system eq soffid ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 67, "startIndex": 1, "Resources": [ { "certificationDate": "2020-02-13 23:01:44", "accountSystem": "soffid", "accountName": "admin", "userGroupCode": "admingroup", "approvalPending": false, "userFullName": "Soffid Administrator", "bpmEnforced": "S", "userCode": "admin", "enabled": true, "accountId": 103, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_ADMIN", "removalPending": false, "id": 110, "roleDescription": "SOFFID Administrator", "startDate": "2020-02-13 12:00:00" }, { "certificationDate": "2020-12-13 19:30:51", "accountSystem": "soffid", "accountName": "gbuades", "userGroupCode": "enterprise", "approvalPending": false, "userFullName": "Gabriel Buades ..", "bpmEnforced": "S", "userCode": "gbuades", "enabled": true, "accountId": 1039860, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1039866", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_ADMIN", "removalPending": false, "id": 1039866, "roleDescription": "SOFFID Administrator", "startDate": "2020-12-13 12:00:00" }, ................... ] } ``` ### Query by id Query a RoleAccount by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/RoleAccount/110 ``` ##### Response 200 OK ```JSON { "certificationDate": "2020-02-13 23:01:44", "accountSystem": "soffid", "accountName": "admin", "userGroupCode": "admingroup", "approvalPending": false, "userFullName": "Soffid Administrator", "bpmEnforced": "S", "userCode": "admin", "enabled": true, "accountId": 103, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_ADMIN", "removalPending": false, "id": 110, "roleDescription": "SOFFID Administrator", "startDate": "2020-02-13 12:00:00" } ``` ### Create This option allows you to assign a role to a specific account. #### Request ```XML POST http:///soffid/webservice/scim2/v1/RoleAccount ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "accountName": "ckelp", "userFullName": "Casey Kelp", "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "roleName": "SOFFID_ADMIN", "roleDescription": "SOFFID Administrator", "bpmEnforced": "N", "enabled": true, "approvalPending": false, "certificationDate": "2021-05-10 12:00:00", "startDate": "2021-05-10 12:00:00" } ``` ##### Response 201 Created ```JSON { "certificationDate": "2021-05-12 07:20:36", "accountSystem": "soffid", "accountName": "ckelp", "userGroupCode": "it", "approvalPending": false, "userFullName": "Casey Kelp", "bpmEnforced": "S", "userCode": "ckelp", "enabled": true, "accountId": 1976677, "informationSystemName": "Operation/Business 2/SOFFID", "system": "soffid", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1976862", "resourceType": "RoleAccount" }, "schemas": [ "urn:soffid:com.soffid.iam.api.RoleAccount" ], "roleName": "SOFFID_ADMIN", "removalPending": false, "id": 1976862, "roleDescription": "SOFFID Administrator", "startDate": "2021-05-10 12:00:00" } ``` ### Delete This option allows you to revoke a role to a specific account. > If you have installed the **User snapshot backup addon** when you delete a RoleAccount, it will be disabled, but never deleted from the database. If you don not have installed the **User snapshot backup addon**, when you delete the RoleAccount, it will be deleted from the database.

Please note after this delete, the RoleAccount has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/RoleAccount/1976862 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Host examples ## Operations This page shows the operations that can be performed for the host object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Host ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 12, "startIndex": 1, "Resources": [ { "serialNumber": "soffid.bubu.lab:192.168.133.1", "os": "ALT", "mail": false, "ip": "192.168.133.1", "dynamicIp": true, "description": "Autocreated on 12/13/20 6:49:34 PM", "office": false, "lastSeen": "2020-12-13 18:49:34", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1039055", "resourceType": "Host" }, "networkCode": "internal", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "soffid.bubu.lab", "id": 1039055, "hostAlias": [], "printersServer": false }, { "os": "ALT", "mail": false, "ip": "10.129.120.4", "dynamicIp": false, "description": "Discovered host iam.soffid.com", "office": false, "lastSeen": "2021-04-05 20:06:19", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093", "resourceType": "Host" }, "networkCode": "lab1", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "iam.soffid.com", "id": 1793093, "hostAlias": [], "printersServer": false }, ........ ] } ``` ### List by filter List all Hosts with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Host?filter=os eq LIN and name co archiva ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "os": "LIN", "mail": false, "ip": "10.129.120.2", "dynamicIp": false, "description": "Discovered host archiva.dev.lab", "office": false, "lastSeen": "2021-04-05 20:04:49", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793026", "resourceType": "Host" }, "networkCode": "lab1", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "archiva.dev.lab", "id": 1793026, "hostAlias": [], "printersServer": false } ] } ``` ### Query by id Query a Host by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Host/1793093 ``` ##### Response 200 OK ```JSON { "os": "ALT", "mail": false, "ip": "10.129.120.4", "dynamicIp": false, "description": "Discovered host iam.soffid.com", "office": false, "lastSeen": "2021-04-05 20:06:19", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093", "resourceType": "Host" }, "networkCode": "lab1", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "iam.soffid.com", "id": 1793093, "hostAlias": [], "printersServer": false } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/Host ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "billing.dev.lab", "description": "Host billing.dev.lab", "os": "LIN", "mail": false, "dynamicIp": false, "networkCode": "internal", "hostAlias": [ "aliasHost_1", "aliasHost_2" ], "serialNumber": "123456789", "printersServer": false } ``` ##### Response 201 Created ```JSON { "serialNumber": "123456789", "os": "LIN", "mail": false, "dynamicIp": false, "description": "Host billing.dev.lab", "office": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899", "resourceType": "Host" }, "networkCode": "internal", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "billing.dev.lab", "id": 1976899, "hostAlias": [ "aliasHost_1", "aliasHost_2" ], "printersServer": false } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/Host/1976899 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "networkCode", "value": "Lab1" }, { "op": "add", "path": "hostAlias", "value": [ "aliasHost_3", "aliasHost_4" ] } ] } ``` ##### Response 200 OK ```JSON { "serialNumber": "123456789", "os": "LIN", "mail": false, "dynamicIp": false, "description": "Host billing.dev.lab", "office": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899", "resourceType": "Host" }, "networkCode": "Lab1", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "billing.dev.lab", "id": 1976899, "hostAlias": [ "aliasHost_1", "aliasHost_2", "aliasHost_3", "aliasHost_4" ], "printersServer": false } ``` ### Update all This operation replaces all values in the Hosts. - Note that the attribute id is required to confirm that the resource "...Host/<id>" is the same that the JSON Host. - Note that all the attributes not included in the request will be cleared in the Host type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Host/1976899 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "id": 1976899, "name": "billing.dev.lab", "description": "Host billing.dev.lab", "os": "LIN", "mail": false, "dynamicIp": false, "networkCode": "internal", "printersServer": false } ``` ##### Response 200 OK ```JSON { "os": "LIN", "mail": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899", "resourceType": "Host" }, "networkCode": "internal", "schemas": [ "urn:soffid:com.soffid.iam.api.Host" ], "name": "billing.dev.lab", "dynamicIp": false, "description": "Host billing.dev.lab", "id": 1976899, "hostAlias": [], "printersServer": false } ``` ### Delete

Please note after this delete, the host has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/Host/1976899 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM MailDomain examples ## Operations This page shows the operations that can be performed for the MailDomain object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailDomain ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "soffid.com", "obsolete": false, "description": "Soffid", "id": 523263 }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "soffid.org", "obsolete": false, "description": "Old Domain", "id": 523265 } ] } ``` ### List by filter List all Mail domain with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailDomain?filter=obsolete eq false and description co old ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "soffid.org", "obsolete": false, "description": "Old Domain", "id": 523265 } ] } ``` ### Query by id Query a Mail Domain by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailDomain/523263 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "soffid.com", "obsolete": false, "description": "Soffid", "id": 523263 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/MailDomain ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "newdomain.com", "obsolete": false, "description": "New Domain" } ``` ##### Response 201 Created ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "newdomain.com", "obsolete": false, "description": "New Domain", "id": 1976941 } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/MailDomain/1976941 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "description", "value": "New domain (xxx)" }, { "op": "replace", "path": "obsolete", "value": "true" } ] } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "newdomain.com", "obsolete": true, "description": "New domain (xxx)", "id": 1976941 } ``` ### Update all This operation replaces all values in the Mail Domain. - Note that the attribute id is required to confirm that the resource "...MailDomain/<id>" is the same that the JSON MailDomain. - Note that all the attributes not included in the request will be cleared in the MailDomain type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/MailDomain/1976941 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "id": 1976941, "name": "newdomain.com", "obsolete": false, "description": "New Domain" } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941", "resourceType": "MailDomain" }, "schemas": [ "urn:soffid:com.soffid.iam.api.MailDomain" ], "name": "newdomain.com", "obsolete": false, "description": "New Domain", "id": 1976941 } ``` ### Delete

Please note after this delete, the mail domain has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/MailDomain/1976941 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM MailList examples ## Operations This page shows the operations that can be performed for the MailList object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailList ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "groupMembers": [], "usersList": [ "admin", "test2" ], "description": "Test email", "externalList": [], "explodedUsersList": [ "test2", "admin" ], "roleMembers": [], "lists": [ "test@soffid.com" ], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071", "resourceType": "MailList" }, "domainName": "soffid.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "test", "attributes": {}, "id": 524071, "listsBelong": "test@soffid.com" }, { "groupMembers": [], "usersList": [], "externalList": [], "explodedUsersList": [], "roleMembers": [], "lists": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976100", "resourceType": "MailList" }, "domainName": "soffid.org", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "mailList", "attributes": {}, "id": 1976100, "listsBelong": "" }, ...... ] } ``` ### List by filter List all MailList with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailList?filter=description co test ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "groupMembers": [], "usersList": [ "admin", "test2" ], "description": "Test email", "externalList": [], "explodedUsersList": [ "test2", "admin" ], "roleMembers": [], "lists": [ "test@soffid.com" ], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071", "resourceType": "MailList" }, "domainName": "soffid.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "test", "attributes": {}, "id": 524071, "listsBelong": "test@soffid.com" }, { "groupMembers": [], "usersList": [ "dilbert", "admin" ], "description": "Test email mailList", "externalList": [], "explodedUsersList": [ "dilbert", "admin" ], "roleMembers": [], "lists": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976181", "resourceType": "MailList" }, "domainName": "soffid.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "mailList2", "attributes": {}, "id": 1976181, "listsBelong": "" } ] } ``` ### Query by id Query a MailList by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/MailList/524071 ``` ##### Response 200 OK ```JSON { "groupMembers": [], "usersList": [ "admin", "test2" ], "description": "Test email", "externalList": [], "explodedUsersList": [ "test2", "admin" ], "roleMembers": [], "lists": [ "test@soffid.com" ], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071", "resourceType": "MailList" }, "domainName": "soffid.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "test", "attributes": {}, "id": 524071, "listsBelong": "test@soffid.com" } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/MailList ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "billingMailList", "domainName": "newdomain.com", "description": "Test email mailList", "usersList": [ "admin", "dilbert" ] } ``` ##### Response 201 Created ```JSON { "groupMembers": [], "usersList": [ "dilbert", "admin" ], "description": "Test email mailList", "externalList": [], "explodedUsersList": [ "dilbert", "admin" ], "roleMembers": [], "lists": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957", "resourceType": "MailList" }, "domainName": "newdomain.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "billingMailList", "attributes": {}, "id": 1976957, "listsBelong": "" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` **JSON** ```JSON { "Operations": [ { "op": "remove", "path": "usersList", "value": [ "admin", "dilbert" ] } ] } ``` ##### Response 200 OK ```JSON { "groupMembers": [], "description": "Test email mailList", "externalList": [], "explodedUsersList": [ "dilbert", "admin" ], "roleMembers": [], "lists": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957", "resourceType": "MailList" }, "domainName": "newdomain.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "billingMailList", "attributes": {}, "id": 1976957, "listsBelong": "" } ``` ### Update all This operation replaces all values in the MailList. - Note that the attribute id is required to confirm that the resource "...MailList/<id>" is the same that the JSON MailList. - Note that all the attributes not included in the request will be cleared in the MailList type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/MailList/1976957 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "id": 1976957, "name": "mailList", "domainName": "newdomain.com" } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957", "resourceType": "MailList" }, "domainName": "newdomain.com", "schemas": [ "urn:soffid:com.soffid.iam.api.MailList" ], "name": "mailList", "attributes": {}, "id": 1976957 } ``` ### Delete

Please note after this delete, the mail list has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/MailList/1976957 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Network examples ## Operations This page shows the operations that can be performed for the Network object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Network ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 6, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/67", "resourceType": "Network" }, "ip": "127.0.0.0", "lanAccess": false, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "loopback", "description": "Description", "id": 67, "mask": "255.255.255.128", "dhcpSupport": false }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/505167", "resourceType": "Network" }, "ip": "172.0.0.0", "lanAccess": false, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "int1", "description": "Internal network 1", "id": 505167, "mask": "255.240.0.0", "dhcpSupport": false }, ............... ] } ``` ### List by filter List all Networks with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Network?filter=description co labora ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790267", "resourceType": "Network" }, "ip": "10.129.120.0", "lanAccess": false, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "lab1", "description": "Laboratory network 1", "id": 1790267, "mask": "255.255.255.0", "dhcpSupport": false }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790319", "resourceType": "Network" }, "ip": "10.129.121.0", "lanAccess": false, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "lab2", "description": "Laboratory network 2", "id": 1790319, "mask": "255.255.255.0", "dhcpSupport": false }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1858961", "resourceType": "Network" }, "ip": "10.129.122.0", "lanAccess": true, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "lab3", "description": "Laboratory network", "id": 1858961, "mask": "255.255.255.0", "dhcpSupport": false } ] } ``` ### Query by id Query a Network by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Network/1038187 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1038187", "resourceType": "Network" }, "ip": "192.168.133.0", "lanAccess": true, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "internal", "description": "Internal Network", "loginRestriction": false, "id": 1038187, "mask": "255.255.255.0", "dhcpSupport": true } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/Network ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "Laboratory", "description": "Laboratory Network", "ip": "192.168.123.0", "mask": "255.255.255.0", "loginRestriction": false, "lanAccess": true, "dhcpSupport": true } ``` ##### Response 201 Created ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114", "resourceType": "Network" }, "ip": "192.168.123.0", "lanAccess": true, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "Laboratory", "description": "Laboratory Network", "loginRestriction": false, "id": 1977114, "mask": "255.255.255.0", "dhcpSupport": true } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/Network/1977114 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "ip", "value": "192.168.125.0" } ] } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114", "resourceType": "Network" }, "ip": "192.168.123.0", "lanAccess": true, "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "Laboratory", "description": "Laboratory Network", "loginRestriction": false, "id": 1977114, "mask": "255.255.255.0", "dhcpSupport": true } ``` ### Update all This operation replaces all values in the Network. - Note that the attribute id is required to confirm that the resource "...Network/<id>" is the same that the JSON Network. - Note that all the attributes not included in the request will be cleared in the Network type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Network/1977114 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "id": 1977114, "name": "Laboratory", "ip": "192.168.123.0", "mask": "255.255.255.0" } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114", "resourceType": "Network" }, "ip": "192.168.123.0", "schemas": [ "urn:soffid:com.soffid.iam.api.Network" ], "name": "Laboratory", "id": 1977114, "mask": "255.255.255.0", "dhcpSupport": false } ``` ### Delete

Please note after this delete, the network has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/Network/1977114 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM DomainValue examples ## Operations This page shows the operations that can be performed for the DomainValue object. The DomainValue is related to Information Systems. > Role scope or domains are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/DomainValue ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623", "resourceType": "DomainValue" }, "domainName": "Zone", "externalCodeDomain": "Operation", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "Twenty", "id": 499623, "value": "20" }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499629", "resourceType": "DomainValue" }, "domainName": "Zone", "externalCodeDomain": "Operation", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "Eleven", "id": 499629, "value": "10" }, ............. ] } ``` ### List by filter List all DomainValues with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/DomainValue?filter=description co Tw ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623", "resourceType": "DomainValue" }, "domainName": "Zone", "externalCodeDomain": "Operation", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "Twenty", "id": 499623, "value": "20" } ] } ``` ### Query by id Query a DomainValue by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/DomainValue/802012 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/802012", "resourceType": "DomainValue" }, "domainName": "Company", "externalCodeDomain": "Operation/Business 2/SOFFID", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "Soffid", "id": 802012, "value": "Soffid" } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/DomainValue ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "domainName": "Company", "externalCodeDomain": "Operation/Business 2/SOFFID", "description": "bubble", "value": "bubble" } ``` ##### Response 201 Created ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131", "resourceType": "DomainValue" }, "domainName": "Company", "externalCodeDomain": "Operation/Business 2/SOFFID", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "bubble", "id": 1977131, "value": "bubble" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "description", "value": "Bubble description" } ] } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131", "resourceType": "DomainValue" }, "domainName": "Company", "externalCodeDomain": "Operation/Business 2/SOFFID", "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "description": "Bubble description", "id": 1977131, "value": "bubble" } ``` ### Update all This operation replaces all values in the DomainValue. - Note that the attribute id is required to confirm that the resource "...DomainValue/<id>" is the same that the JSON DomainValue. - Note that all the attributes not included in the request will be cleared in the DomainValue type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit the [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/DomainValue/1977131 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.GroupUser" ], "id": 1976741, "group": "it", "groupDescription": "Help desk support team", "user": "ckelp", "fullName": "Casey Kelp", "primaryGroup": true, "attributes": {} } ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.DomainValue" ], "id": 1977131, "domainName": "Company", "externalCodeDomain": "Operation/Business 2/SOFFID", "description": "New bubble", "value": "Newbubble" } ``` ### Delete

Please note after this delete, the DomainValue has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/DomainValue/1977131 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM VaultFolder examples ## Operations This page shows the operations that can be performed for the VaultFolder object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/VaultFolder/ ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [], "navigateRoles": [], "description": "Accounts that won't be shared", "personal": true, "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Personal accounts", "managerUsers": [], "navigateGroups": [], "id": 368461, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] }, { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [ "test2", "admin" ], "navigateRoles": [], "description": "Password vault", "personal": false, "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "vault", "managerUsers": [], "navigateGroups": [], "id": 515461, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] }, ............ ] } ``` ### List by filter List all VaultFolders with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/VaultFolder/?filter=personal eq true ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [], "navigateRoles": [], "description": "Accounts that won't be shared", "personal": true, "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Personal accounts", "managerUsers": [], "navigateGroups": [], "id": 368461, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] } ] } ``` ### Query by id Query a VaultFolder by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/VaultFolder/515461 ``` ##### Response 200 OK ```JSON { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [ "test2", "admin" ], "navigateRoles": [], "description": "Password vault", "personal": false, "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "vault", "managerUsers": [], "navigateGroups": [], "id": 515461, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/VaultFolder ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Folder Billing", "description": "Folder Billing", "parentFolder": "vault", "parentId": 515461, "personal": false, "accessLevel": "M", "ownerUsers": [ "admin" ], "navigateUsers": [ "admin" ] } ``` ##### Response 201 Created ```JSON { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [ "admin" ], "navigateRoles": [], "description": "Folder Billing", "personal": false, "parentId": 515461, "parentFolder": "vault", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Folder Billing", "managerUsers": [], "navigateGroups": [], "id": 1977703, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/VaultFolder/1977703 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "description", "value": "Vault folder billing" }, { "op": "add", "path": "navigateUsers", "value": [ "dilbert", "asea" ] } ] } ``` ##### Response 200 OK ```JSON { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [ "asea", "dilbert", "admin" ], "navigateRoles": [], "description": "Vault folder billing", "personal": false, "parentId": 515461, "parentFolder": "vault", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Folder Billing", "managerUsers": [], "navigateGroups": [], "id": 1977703, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] } ``` ### Update all This operation replaces all values in the VaultFolder. - Note that the attribute id is required to confirm that the resource "...VaultFolder/<id>" is the same that the JSON VaultFolder. - Note that all the attributes not included in the request will be cleared in the GroupUser type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/VaultFolder/1977703 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "id": 1977703, "name": "Folder Billing", "description": "Folder Billing", "parentFolder": "vault", "parentId": 515461, "personal": false, "accessLevel": "M", "ownerUsers": [ "admin" ] } ``` ##### Response 200 OK ```JSON { "grantedRoles": [], "accessLevel": "O", "managerRoles": [], "navigateUsers": [], "navigateRoles": [], "description": "Folder Billing", "personal": false, "parentId": 515461, "parentFolder": "vault", "ownerGroups": [], "ownerRoles": [], "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703", "resourceType": "VaultFolder" }, "schemas": [ "urn:soffid:com.soffid.iam.api.VaultFolder" ], "name": "Folder Billing", "managerUsers": [], "navigateGroups": [], "id": 1977703, "grantedGroups": [], "managerGroups": [], "grantedUsers": [], "ownerUsers": [ "admin" ] } ``` ### Delete

Please note after this delete, the VaultFolder has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/VaultFolder/1977703 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM System examples ## Operations This page shows the operations that can be performed for the Systems object (Agents). ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/System ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 16, "startIndex": 1, "Resources": [ { "accessControl": false, "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": false, "description": "Soffid system", "groups": "", "threads": 1, "className": "- no class -", "userTypes": "I", "groupsList": [], "readOnly": false, "passwordsDomain": "DEFAULT", "timeStamp": "2020-04-18 19:32:37", "rolebased": true, "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/44", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "soffid", "id": 44, "passwordsDomainId": 27, "tenant": "master", "generateTasksOnLoad": true }, { "accessControl": false, "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": false, "description": "External SSO accounts", "groups": "admingroup,enterprise", "threads": 1, "className": "com.soffid.iam.sync.sso.agent.SSOAgent", "userTypes": "S,I", "groupsList": [ "admingroup", "enterprise" ], "readOnly": false, "url": "local", "passwordsDomain": "DEFAULT", "timeStamp": "2020-09-21 10:17:38", "rolebased": false, "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/47", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "SSO", "id": 47, "manualAccountCreation": true, "passwordsDomainId": 27, "tenant": "master", "generateTasksOnLoad": true }, ................ ] } ``` ### List by filter List all Systems with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/System?filter=description co 10.129. ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "accessControl": false, "description": "Discovered host 10.129.122.22", "className": "com.soffid.iam.sync.agent.SimpleSSHAgent", "userTypes": "", "passwordsDomain": "DEFAULT", "rolebased": false, "id": 1885153, "manualAccountCreation": true, "tenant": "master", "generateTasksOnLoad": false, "param7": "false", "usersDomain": "DEFAULT", "param6": "UTF-8", "fullReconciliation": true, "authoritative": false, "sharedDispatcher": true, "param0": "soffid", "groups": "", "threads": 1, "groupsList": [], "readOnly": false, "param3": "10.129.122.22", "param4": "true", "url": "local", "param2": "517y1hF40k4=", "timeStamp": "2021-04-23 12:23:15", "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1885153", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "10.129.122.22", "passwordsDomainId": 27 }, { "accessControl": false, "description": "Discovered host 10.129.122.25", "className": "com.soffid.iam.sync.agent.SimpleWindowsAgent", "userTypes": "", "passwordsDomain": "DEFAULT", "rolebased": false, "id": 1890334, "manualAccountCreation": true, "tenant": "master", "generateTasksOnLoad": false, "param7": "false", "usersDomain": "DEFAULT", "fullReconciliation": true, "authoritative": false, "sharedDispatcher": true, "param0": "Administrador", "groups": "", "threads": 1, "groupsList": [], "readOnly": false, "param3": "10.129.122.25", "param4": "true", "url": "local", "param2": "VFJV1pSRfE7s", "timeStamp": "2021-04-23 20:00:34", "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1890334", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "10.129.122.25", "passwordsDomainId": 27 } ] } ``` ### Query by id Query a System by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/System/389082 ``` ##### Response 200 OK ```JSON { "accessControl": true, "description": "Active Directory.", "className": "com.soffid.iam.sync.agent2.CustomizableActiveDirectoryAgent", "userTypes": "I", "passwordsDomain": "DEFAULT", "rolebased": true, "id": 389082, "manualAccountCreation": false, "tenant": "master", "generateTasksOnLoad": true, "param7": "true", "param8": "true", "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": true, "sharedDispatcher": false, "param0": "ad.bubu.lab", "groups": "", "threads": 1, "groupsList": [], "readOnly": false, "param3": "C27Nv4vjbIsI", "url": "https://soffid.bubu.lab:1760/", "param1": "dc=ad,dc=bubu,dc=lab", "param2": "ad\\Administrator", "timeStamp": "2021-04-07 09:31:59", "trusted": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/389082", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "ad", "passwordsDomainId": 27 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/System ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "SQLRRHH", "description": "SQL RRHH test", "className": "com.soffid.iam.sync.agent.SQLAgent2", "userTypes": "E,I", "passwordsDomain": "DEFAULT", "usersDomain": "DEFAULT" } ``` ##### Response 201 Created ```JSON { "accessControl": false, "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": false, "description": "SQL RRHH test", "groups": "", "threads": 1, "className": "com.soffid.iam.sync.agent.SQLAgent2", "userTypes": "I,E", "groupsList": [], "readOnly": false, "passwordsDomain": "DEFAULT", "timeStamp": "2021-05-12 10:58:35", "rolebased": false, "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "SQLRRHH", "id": 1977157, "passwordsDomainId": 27, "tenant": "master", "generateTasksOnLoad": false } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/System/1977157 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "param0", "value": "user" }, { "op": "replace", "path": "param1", "value": "password" }, { "op": "replace", "path": "param2", "value": "jdbc:mysql://localhost/personal" } ] } ``` ##### Response 200 OK ```JSON { "accessControl": false, "description": "SQL RRHH test", "className": "com.soffid.iam.sync.agent.SQLAgent2", "userTypes": "I,E", "passwordsDomain": "DEFAULT", "rolebased": false, "id": 1977157, "tenant": "master", "generateTasksOnLoad": false, "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": false, "param0": "user", "groups": "", "threads": 1, "groupsList": [], "readOnly": false, "param1": "password", "param2": "jdbc:mysql://localhost/personal", "timeStamp": "2021-05-12 10:59:44", "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "SQLRRHH", "passwordsDomainId": 27 } ``` ### Update all This operation replace all values in the System. - Note that the attribute id is required to confirm that the resource "...System/<id>" is the same that the JSON System. - Note that all the attributes not included in the request will be cleared in the System type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/System/1977157 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "id": 1977157, "name": "SQLRRHH", "description": "SQL RRHH test", "className": "com.soffid.iam.sync.agent.SQLAgent2", "userTypes": "E,I", "passwordsDomain": "DEFAULT", "usersDomain": "DEFAULT" } ``` ##### Response 200 OK ```JSON { "accessControl": false, "usersDomain": "DEFAULT", "fullReconciliation": false, "authoritative": false, "description": "SQL RRHH test", "groups": "", "threads": 1, "className": "com.soffid.iam.sync.agent.SQLAgent2", "userTypes": "I,E", "groupsList": [], "readOnly": false, "passwordsDomain": "DEFAULT", "timeStamp": "2021-05-12 11:02:49", "rolebased": false, "trusted": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157", "resourceType": "System" }, "schemas": [ "urn:soffid:com.soffid.iam.api.System" ], "name": "SQLRRHH", "id": 1977157, "passwordsDomainId": 27, "tenant": "master", "generateTasksOnLoad": false } ``` ### Delete

Please note after this delete, the System has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/System/1977157 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM CustomObject examples ## Operations This page shows the operations that can be performed for the CustomObjects object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/CustomObject ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 6, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/CustomObject/848157", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "aa", "description": "aaa", "attributes": { "address": "2" }, "id": 848157, "type": "building" }, { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "ES", "description": "Spain", "attributes": { "language": "English" }, "id": 1510208, "type": "country" }, .......... ] } ``` ### List by filter List all CustomObjects with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/CustomObject?filter=description eq Spain ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "ES", "description": "Spain", "attributes": { "language": "English" }, "id": 1510208, "type": "country" } ] } ``` ### Query by id Query a CustomObject by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/CustomObject/848062 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/848062", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "HQ", "description": "Headquarters", "attributes": { "address": "1" }, "id": 848062, "type": "building" } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/CustomObject ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "IT", "description": "Italy", "type": "country", "attributes": { "language": "English" } } ``` ##### Response 201 Created ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "IT", "description": "Italy", "attributes": { "language": "English" }, "id": 1977187, "type": "country" } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/CustomObject/1977187 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "attributes", "value": { "language": "German" } } ] } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "IT", "description": "Italy", "attributes": { "language": "German" }, "id": 1977187, "type": "country" } ``` ### Update all This operation replaces all values in the CustomObject. - Note that the attribute id is required to confirm that the resource "...CustomObject/<id>" is the same that the JSON CustomObject. - Note that all the attributes not included in the request will be cleared in the CustomObject type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/CustomObject/1977187 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "id": 1977187, "name": "IT", "description": "Italy", "type": "country", "attributes": { "language": "English" } } ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187", "resourceType": "CustomObject" }, "schemas": [ "urn:soffid:com.soffid.iam.api.CustomObject" ], "name": "IT", "description": "Italy", "attributes": { "language": "English" }, "id": 1977187, "type": "country" } ``` ### Delete

Please note after this delete, the CustomObject has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/CustomObject/1977187 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM ProcessDefinition examples ## Operations This page shows the operations that can be performed for the ProcessDefinitions object ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessDefinition ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 8, "startIndex": 1, "Resources": [ { "author": "admin", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1474063", "resourceType": "ProcessDefinition" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" ], "name": "User registration", "deployed": "2021-02-11 16:42:08", "tag": "27", "id": 1474063, "version": 27, "enabled": true }, { "author": "admin", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694", "resourceType": "ProcessDefinition" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" ], "name": "User request", "deployed": "2021-04-15 16:10:11", "tag": "19", "id": 1857694, "version": 19, "enabled": true }, ............. ] } ``` ### List by filter List all ProcessDefinitions with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessDefinition?filter=name co request ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "author": "admin", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1946303", "resourceType": "ProcessDefinition" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" ], "name": "Permissions request", "deployed": "2021-04-30 08:48:58", "tag": "23", "id": 1946303, "type": "RoleApproval", "version": 23, "enabled": true }, { "author": "admin", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694", "resourceType": "ProcessDefinition" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" ], "name": "User request", "deployed": "2021-04-15 16:10:11", "tag": "19", "id": 1857694, "version": 19, "enabled": true } ] } ``` ### Query by id Query a ProcessDefinition by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessDefinition/1857694 ``` ##### Response 200 OK ```JSON { "author": "admin", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694", "resourceType": "ProcessDefinition" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition" ], "name": "User request", "deployed": "2021-04-15 16:10:11", "tag": "19", "id": 1857694, "version": 19, "enabled": true } ``` ### Create This operation is not allowed. ### Update partial This operation is not allowed. ### Update all This operation is not allowed. ### Delete This operation is not allowed. ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM ProcessInstance examples ## Operations This page shows the operations that can be performed for the ProcessInstances object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessInstance ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 311, "startIndex": 1, "Resources": [ { "dummyProcess": false, "variables": {}, "comments": [ { "actor": "admin Soffid Administrator", "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.Comment" ], "time": "2020-09-30 09:57:15", "message": "Comentario" } ], "processDefinition": 628635, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626161", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2020-09-29 20:34:46", "currentTask": "Entrada de la consulta", "description": "Consultar la base de datos", "end": "2020-11-11 15:05:48", "id": 626161 }, { "dummyProcess": false, "variables": {}, "comments": [], "processDefinition": 628635, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626179", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2020-09-29 20:35:22", "currentTask": "Entrada de la consulta", "description": "Consultar la base de datos", "end": "2020-11-11 15:05:44", "id": 626179 }, .......... ] } ``` ### List by filter List all ProcessInstances with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessInstance?filter=description co Permission and currentTask eq Start ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 8, "startIndex": 1, "Resources": [ { "dummyProcess": false, "variables": { "requester": "admin", "grants": [], "requesterName": "Soffid Administrator" }, "comments": [], "processDefinition": 1054785, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1053984", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2020-12-14 14:49:20", "currentTask": "Start", "description": "Permissions request", "end": "2021-01-29 08:25:28", "id": 1053984 }, { "dummyProcess": false, "variables": { "requester": "admin", "grants": [], "requesterName": "Soffid Administrator" }, "comments": [], "processDefinition": 1946303, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2021-01-29 08:26:30", "currentTask": "Start", "description": "Permissions request", "id": 1378380 }, ........... ] } ``` ### Query by id Query a ProcessInstance by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/ProcessInstance/1378380 ``` ##### Response 200 OK ```JSON { "dummyProcess": false, "variables": { "requester": "admin", "grants": [], "requesterName": "Soffid Administrator" }, "comments": [], "processDefinition": 1946303, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2021-01-29 08:26:30", "currentTask": "Start", "description": "Permissions request", "id": 1378380 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/ProcessInstance ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "dummyProcess": false, "variables": { "requester": "ckelp", "grants": [], "requesterName": "Casey Kelp" }, "comments": [], "processDefinition": 1946303, "description": "Permissions request" } ``` ##### Response 201 Created ```JSON { "dummyProcess": false, "variables": { "requester": "ckelp", "grants": [], "requesterName": "Casey Kelp" }, "comments": [], "processDefinition": 1946303, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2021-01-29 08:26:30", "currentTask": "Start", "description": "Permissions request", "id": 1378380 } ``` ### Update partial Only attributes with changes will be updated, the other will maintain the same value. ##### Request ``` PATCH http:///soffid/webservice/scim2/v1/GroupUser/1976741 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "start", "value": "2021-05-14 00:00:00" } ] } ``` ##### Response 200 OK ```JSON { "dummyProcess": false, "variables": { "requester": "admin", "grants": [], "requesterName": "Soffid Administrator" }, "comments": [], "processDefinition": 1946303, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2021-05-14 00:00:00", "currentTask": "Start", "description": "Permissions request", "id": 1378380 } ``` ### Update all This operation replaces all values in the ProcessInstance. - Note that the attribute id is required to confirm that the resource "...ProcessInstance/<id>" is the same that the JSON ProcessInstance. - Note that all the attributes not included in the request will be cleared in the ProcessInstance type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT - http:///soffid/webservice/scim2/v1/ProcessInstance/1474138 ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "id": 1378380, "dummyProcess": false, "variables": { "requester": "ckelp", "grants": [], "requesterName": "Casey Kelp" }, "comments": ["comments"], "processDefinition": 1946303, "start": "2021-05-14 00:00:00", "currentTask": "Start", "description": "Permissions request" } ``` ##### Response 200 OK ```JSON { "dummyProcess": false, "variables": { "requester": "ckelp", "grants": [], "requesterName": "Casey Kelp" }, "comments": [ "comments" ], "processDefinition": 1946303, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380", "resourceType": "ProcessInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance" ], "start": "2021-05-14 00:00:00", "currentTask": "Start", "description": "Permissions request", "id": 1378380 } ``` ### Delete > When you delete a ProcessInstance, it will be disabled, but never deleted from the database, this ProcessInstance will have an end date.

Please note after this delete, the ProcessInstance has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE - http:///webservice/scim2/v1/ProcessInstance/1977873 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more infomation about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM TaskInstance examples ## Operations This page shows the operations that can be performed for the TaskInstances object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/TaskInstance ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 6, "startIndex": 1, "Resources": [ { "variables": { "requester": "admin", "grants": [ { "ownersString": "SOFFID_ADMIN ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "SOFFID_ADMIN" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1762656, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Container/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1762352, "description": "Approve ", "pooledActors": [ "SOFFID_ADMIN" ], "priority": 3, "transitions": [ "Rechazar", "Aceptar" ], "dummyTask": false, "processName": "Modificar permisos", "processId": 1762544, "blocking": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-03-30 19:57:35", "cancelled": false, "id": 1762656, "open": true, "signalling": true }, { "variables": { "requester": "admin", "grants": [ { "ownersString": "admin ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "admin" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1861549, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Operation/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1946303, "description": "Approve pending permissions", "pooledActors": [ "admin" ], "priority": 3, "transitions": [ "Reject", "Approve" ], "dummyTask": false, "processName": "Permissions request", "processId": 1861537, "blocking": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-04-17 21:00:46", "cancelled": false, "id": 1861549, "open": true, "signalling": true }, .................... ] } ``` ### List by filter List all TaskInstances with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/TaskInstance?count=2&filter=processName eq "Permissions request" and name eq Approve ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "variables": { "requester": "admin", "grants": [ { "ownersString": "admin ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "admin" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1861549, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Operation/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1946303, "description": "Approve pending permissions", "pooledActors": [ "admin" ], "priority": 3, "transitions": [ "Reject", "Approve" ], "dummyTask": false, "processName": "Permissions request", "processId": 1861537, "blocking": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-04-17 21:00:46", "cancelled": false, "id": 1861549, "open": true, "signalling": true }, { "variables": { "requester": "admin", "grants": [ { "ownersString": "admin ", "comments": "", "roleId": 393103, "userFullName": "Soffid Administrator", "owners": [ "admin" ], "userName": "admin", "approved": false, "applicationDescription": "Active Directory", "taskInstance": 1638273, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Enterprise Administrators", "applicationName": "Container/Business process/ad" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1946303, "start": "2021-05-10 12:57:31", "description": "Approve pending permissions", "pooledActors": [ "admin" ], "priority": 3, "transitions": [ "Reject", "Approve" ], "dummyTask": false, "actorId": "admin", "processName": "Permissions request", "processId": 1638261, "blocking": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1638273", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-03-11 16:33:41", "cancelled": false, "id": 1638273, "open": true, "signalling": true }, .............. ] } ``` ### Query by id Query a TaskInstance by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/TaskInstance/1861549 ``` ##### Response 200 OK ```JSON { "variables": { "requester": "admin", "grants": [ { "ownersString": "admin ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "admin" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1861549, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Operation/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1946303, "description": "Approve pending permissions", "pooledActors": [ "admin" ], "priority": 3, "transitions": [ "Reject", "Approve" ], "dummyTask": false, "processName": "Permissions request", "processId": 1861537, "blocking": false, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-04-17 21:00:46", "cancelled": false, "id": 1861549, "open": true, "signalling": true } ``` ### Create This operation is not allowed. ### Update partial Only attributes with changes will be updated, the other will mantain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/TaskInstance/1762656 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "blocking", "value": true } ] } ``` ##### Response 200 OK ```JSON { "variables": { "requester": "admin", "grants": [ { "ownersString": "SOFFID_ADMIN ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "SOFFID_ADMIN" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1762656, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Container/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1762352, "description": "Approve ", "pooledActors": [ "SOFFID_ADMIN" ], "priority": 3, "transitions": [ "Rechazar", "Aceptar" ], "dummyTask": false, "processName": "Modificar permisos", "processId": 1762544, "blocking": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-03-30 19:57:35", "cancelled": false, "id": 1762656, "open": true, "signalling": true } ``` ### Update all This operation replaces all values in the GroupUser. - Note that the attribute id is required to confirm that the resource "...TaskInstance/<id>" is the same that the JSON TaskInstance. - Note that all the attributes not included in the request will be cleared in the TaskInstance type and their data will be lost. - Note that not all the attributes are updatable, for example tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///webservice/scim2/v1/TaskInstance/1762656 ``` **JSON** ```JSON { "variables": { "requester": "admin", "grants": [ { "ownersString": "SOFFID_ADMIN ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "SOFFID_ADMIN" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1762656, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Container/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1762352, "description": "Approve ", "pooledActors": [ "SOFFID_ADMIN" ], "priority": 3, "transitions": [ "Rechazar", "Aceptar" ], "dummyTask": false, "processName": "Modificar permisos", "processId": 1762544, "blocking": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-03-30 19:57:35", "cancelled": false, "id": 1762656, "open": true, "signalling": true } ``` ##### Response 200 OK ```JSON { "variables": { "requester": "admin", "grants": [ { "ownersString": "SOFFID_ADMIN ", "comments": "", "roleId": 393447, "userFullName": "Soffid Administrator", "owners": [ "SOFFID_ADMIN" ], "userName": "admin", "approved": false, "applicationDescription": "SOFFID Identity Manager", "taskInstance": 1762656, "schemas": [ "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo" ], "denied": false, "roleDescription": "Accounting Manager", "applicationName": "Container/Business 2/SOFFID" } ], "requesterName": "Soffid Administrator" }, "processDefinition": 1762352, "description": "Approve ", "pooledActors": [ "SOFFID_ADMIN" ], "priority": 3, "transitions": [ "Rechazar", "Aceptar" ], "dummyTask": false, "processName": "Modificar permisos", "processId": 1762544, "blocking": true, "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656", "resourceType": "TaskInstance" }, "schemas": [ "urn:soffid:com.soffid.iam.bpm.api.TaskInstance" ], "name": "Approve", "create": "2021-03-30 19:57:35", "cancelled": false, "id": 1762656, "open": true, "signalling": true } ``` ### Delete In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.

Please note after this delete, the account has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE - http:///soffid/webservice/scim2/v1/TaskInstance/1762656 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Issue examples ## Operations This page shows the operations that can be performed for the issue object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Issue ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "startIndex": 1, "Resources": [ { "performedActions": "2023-06-09 07:17:25 admin Created\n2023-06-09 09:46:54 admin Acknowledged\n", "acknowledged": "2023-06-09 09:46:54", "created": "2023-06-09 07:17:25", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44656", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bob bobm", "id": 44656, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 } ], "status": "A" }, { "acknowledged": "2023-06-09 08:55:49", "created": "2023-06-09 07:29:25", "hosts": [], "description": "Account etaylor@soffid has been locked", "solved": "2023-06-09 08:56:09", "type": "locked-account", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "etaylor", "userId": 3821 } ], "performedActions": "2023-06-09 07:29:25 $$INTERNAL$$ Created\n2023-06-09 08:49:49 admin User etaylor is disabled\n2023-06-09 08:55:09 admin The account etaylor has been locked\n2023-06-09 08:55:41 admin Notify pgarcia@soffid.com\n2023-06-09 08:55:49 admin Acknowledged\n2023-06-09 08:55:53 admin The account etaylor has been unlocked\n2023-06-09 08:56:09 admin Solved\n", "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44672", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "id": 44672, "account": { "lastLogin": "2023-06-09 07:28:11", "grantedRoles": [], "description": "Elizabeth Taylor", "type": "U", "lastUpdated": "2023-06-09 08:56:07", "ownerGroups": [], "loginName": "etaylor", "inheritNewPermissions": false, "disabled": false, "id": 4994, "managerGroups": [], "grantedGroups": [], "lastPasswordSet": "2023-06-09 07:28:14", "passwordExpiration": "2024-06-08 07:28:14", "passwordPolicy": "I", "accessLevel": "-", "managerRoles": [], "created": "2023-06-02 09:14:36", "hasSnapshot": false, "system": "soffid", "ownerRoles": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account/4994", "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "etaylor", "managerUsers": [], "lastChange": "2023-06-09 08:55:53", "attributes": {}, "status": "a", "ownerUsers": [ "etaylor" ], "grantedUsers": [] }, "status": "S" }, { "performedActions": "2023-06-14 06:56:42 admin Created\n", "created": "2023-06-14 06:56:42", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/56710", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user cdarwin cmartin etaylor", "id": 56710, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "cdarwin", "userId": 4037 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "cmartin", "userId": 3890 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "etaylor", "userId": 3821 } ], "status": "N" }, { "performedActions": "2023-06-14 07:02:55 admin Created\n", "created": "2023-06-14 07:02:55", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/56728", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user cdarwin cmartin etaylor", "id": 56728, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "cdarwin", "userId": 4037 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "cmartin", "userId": 3890 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "etaylor", "userId": 3821 } ], "status": "N" } ] } ``` ### List by filter List all Issues with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Issue?filter=type co "locked" ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "startIndex": 1, "Resources": [ { "acknowledged": "2023-06-09 08:55:49", "created": "2023-06-09 07:29:25", "hosts": [], "description": "Account etaylor@soffid has been locked", "solved": "2023-06-09 08:56:09", "type": "locked-account", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "etaylor", "userId": 3821 } ], "performedActions": "2023-06-09 07:29:25 $$INTERNAL$$ Created\n2023-06-09 08:49:49 admin User etaylor is disabled\n2023-06-09 08:55:09 admin The account etaylor has been locked\n2023-06-09 08:55:41 admin Notify pgarcia@soffid.com\n2023-06-09 08:55:49 admin Acknowledged\n2023-06-09 08:55:53 admin The account etaylor has been unlocked\n2023-06-09 08:56:09 admin Solved\n", "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44672", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "id": 44672, "account": { "lastLogin": "2023-06-09 07:28:11", "grantedRoles": [], "description": "Elizabeth Taylor", "type": "U", "lastUpdated": "2023-06-09 08:56:07", "ownerGroups": [], "loginName": "etaylor", "inheritNewPermissions": false, "disabled": false, "id": 4994, "managerGroups": [], "grantedGroups": [], "lastPasswordSet": "2023-06-09 07:28:14", "passwordExpiration": "2024-06-08 07:28:14", "passwordPolicy": "I", "accessLevel": "-", "managerRoles": [], "created": "2023-06-02 09:14:36", "hasSnapshot": false, "system": "soffid", "ownerRoles": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account/4994", "resourceType": "Account" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Account" ], "name": "etaylor", "managerUsers": [], "lastChange": "2023-06-09 08:55:53", "attributes": {}, "status": "a", "ownerUsers": [ "etaylor" ], "grantedUsers": [] }, "status": "S" } ] } ``` ### Query by id Query an Issue by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/Issue/44656 ``` ##### Response 200 OK ```JSON { "performedActions": "2023-06-09 07:17:25 admin Created\n2023-06-09 09:46:54 admin Acknowledged\n", "acknowledged": "2023-06-09 09:46:54", "created": "2023-06-09 07:17:25", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44656", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bob bobm", "id": 44656, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 } ], "status": "A" } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/Issue ``` **JSON** ```JSON { "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "type" : "duplicated-user", "status" : "N", "created" : "2023-06-19 15:30:00", "users" : [{ "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 }] } ``` ##### Response 201 Created ```JSON { "actor": "SOFFID_ADMIN@soffid", "performedActions": "2023-06-21 08:49:22 admin Created\n2023-06-21 08:49:22 admin Executed automatic task start-workflow\n2023-06-21 08:49:22 admin Executed automatic task run-script\n2023-06-21 08:49:22 admin Executed automatic task send-email\n", "created": "2023-06-21 08:49:22.516", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/167879", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bob bobm", "id": 169336, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 } ], "status": "N" } ``` ### Update partial Only attributes with changes will be updated, the others will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/Issue/169336 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "status", "value": "A" } ] } ``` ##### Response 200 OK ```JSON { "performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n", "acknowledged": "2023-06-21 08:58:59.605", "created": "2023-06-21 08:54:04", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bobm bob", "id": 169336, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 } ], "status": "A" } ``` ### Update all This operation replaces all values in the Issues. - Note that the attribute id is required to confirm that the resource "...Issue/<id>" is the same that the JSON Issue. - Note that all the attributes not included in the request will be cleared in the Issue type and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit [Resource data model page](https://bookstack.soffid.com/books/scim/chapter/resource-data-model-schema) ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/Issue/169336 ``` **JSON** ```JSON { "performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n", "acknowledged": "2023-06-21 08:58:59.605", "created": "2023-06-21 08:54:04", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bobm bob", "id": 169336, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 } ], "status": "S" } ``` ##### Response 200 OK ```JSON { "performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n", "acknowledged": "2023-06-21 08:58:59", "created": "2023-06-21 08:54:04", "hosts": [], "meta": { "location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336", "resourceType": "Issue" }, "schemas": [ "urn:soffid:com.soffid.iam.api.Issue" ], "description": "Duplicated user bobm bob", "id": 169336, "type": "duplicated-user", "users": [ { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bobm", "userId": 3971 }, { "schemas": [ "urn:soffid:com.soffid.iam.api.IssueUser" ], "userName": "bob", "userId": 3941 } ], "status": "S" } ``` ### Delete This operation is not allowed. ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM for OTP devices SCIM for OTP devices # ⏰ Getting Started ## Introduction

Soffid allows you to combine two of the most powerful addons you can use into Soffid Console, **SCIM,** and **OTP**.

Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in [How to use SCIM in Soffid # Installation](https://bookstack.soffid.com/link/120#bkmrk-installation) Please note that a user with the authentication is required, please check this part in [How to use SCIM in Soffid # Confirm authorization](https://bookstack.soffid.com/link/120#bkmrk-confirm-authorizatio) Please note that is recommended to use a REST client, please see our example in [Testing tool # RESTer](https://bookstack.soffid.com/link/118#bkmrk-rester) Please note that the correct header parameters must be used, please browse them in [SCIM in Soffid # HTTP request](https://bookstack.soffid.com/link/114#bkmrk-http-request) Please note that the OTP addon must be installed and configured, check it in [OTP Settings](https://bookstack.soffid.com/books/two-factor-authentication-2fa-VsJ/page/otp-settings) ### OTP Device Types OTP device types available - **TOTP**: Time based HMAC Token - **HOTP**: Event based HMAC Token - **EMAIL** - **SMS** - **PIN**: Security PIN ### OTP Device Status OTP device status available : - C: **Created** - V: **Validated** - L: **Locked** - D: **Disabled** ### OTP Operations Soffid provides an API that allows you to connect to the OTP microservices. The available operations are the following - List all - List by filter - Query by id - Create - Update - Validate - Send SMS - Delete

You can visit the [SCIM OTP devices examples page](https://bookstack.soffid.com/books/scim/page/scim-otp-devices-examples) for more detailed information

#### Workflows With the previous operations, using the SCIM OTP API, we can define some workflows.

You can visit the [SCIM OTP devices Workflows examples page](https://bookstack.soffid.com/books/scim/page/scim-otp-devices-workflows-examples)

# SCIM OTP devices examples ## Operations This page shows the operations that can be performed for the OTP devices object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OtpDevice ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 25, "startIndex": 1, "Resources": [ { "lastUsed": "2021-10-14 06:57:00", "created": "2021-10-14 06:44:43", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000001", "id": 4022880, "type": "TOTP", "user": "franck", "fails": 0, "status": "D" }, { "created": "2021-10-14 08:37:38", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "Email message to pg*****@so****.co*", "id": 4024384, "type": "EMAIL", "user": "patricia", "fails": 0, "email": "patricia@soffid.com", "status": "D" }, { "created": "2021-10-14 11:17:52", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "phone": "666555444", "name": "SMS message to 66*****44", "id": 4024416, "type": "SMS", "user": "agatha", "fails": 0, "status": "V" }, ............. ............. ] } ``` ### List by filter List all the OTP devices with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OtpDevice?filter=type eq "TOTP" ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 7, "startIndex": 1, "Resources": [ { "lastUsed": "2021-10-14 06:57:00", "created": "2021-10-14 06:44:43", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000001", "id": 4022880, "type": "TOTP", "user": "franck", "fails": 0, "status": "D" }, ............. ............. ] } ``` ### Query by id Query a OTP device by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OtpDevice/5007882 ``` ##### Response 200 OK ```JSON { "created": "2022-02-22 07:46:51", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000035", "id": 5007882, "type": "TOTP", "user": "admin", "fails": 0, "status": "C" } ``` ### Create Allows you to create a new OTP device. It is important the type of the OTP you want to create, and depending on this, it will be mandatory to add new attributes to the request. - **SMS**: add to the JSON the phone attribute - **EMAIL**: add to the JSON the email attribute - **PIN**: add to the JSON the pin attribute ##### Request ```XML http:///soffid/webservice/scim2/v1/OtpDevice ``` **JSON** ```XML { "meta": { "location": "http:///webservice/scim2/v1/OtpDevice", "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "type": "TOTP", "user": "admin" } ``` ##### Response 200 OK ```JSON { "image": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADIAQAAAACFI5MzAAAC3klEQVR4Xu2XP66jMBDGB7lwFy5gydeg40rkAoRcgFzJna+B5AtA58Ji9hueQvJWu8UbS6stMoqiwA9lrPn7Qfw3o99vnPYhHyL2L0mghhOz2Xue+tJGIltBIm9haQPdgufsButxp4LQlc1M+C5tSLt1TSWJyy26Jvipd2NfTTJPHU/kmlxariS8RX6w2fhwwt+i82OC/ER3fX2+Ze7HBJbp0iGieCQh54dpSaCBaOz8SmbukfY0C1STJAHIZkdQe947d6khkYau3KKZrNktzs77MwYawoTCuTFqEDytHY1PPxqSEQPPwY3WoOeu0WzPbGtIoNH6tTdzt1BX2ky3w7mSZAnkA95sQge3eRmfMdAQhh8pwLFL94ACR/9VkOzvbB5oX0LnuaEz9xoS/YORcNROGY7jn/nREE5bwCRwFwtveOQtBgoSJc9rnzggOWm27nUCBcnws1wI3OPgeOpVVQqCkdynqU+rLWQx+fwxEtTEEZXBLoO4KjcpzAqScZWQbczRNphZOq+CBHcNkuQmSs+hm4enHw1hXBWM9o39PS4XW161oyBhIZt2MishP/imy3kCDUEAyo3LpZe2m/BUDYlmtdjbUoDYtIQNyRUkLPj7jdNE5g4hIKVUQWK5BszRQh3PWBf0pncUJCAhRjJDGPZokbdtpiCMooYHs8rZ4WehKuIhnZqM0YIKSo+czsmnIRFKpxyyArfd8FY7GoKRzISg7gSInqsj2UwdYVZh+c+9jATMZj2J0rUi7ix0YsFsFt9qIrtR5PA9o10wYPx0nlpDjJRhD4Xi0MoP6NnTj4KEQ4WJFvNbXlDWZ+1oCCwujWhYg7S3sVQR0bDUYj3GI+3xpa81BPoah+3T/UvDygqqIShDNxIq2q8dftD7W4GGRLyBYT0ujdRRedOwOgKRgvMiS446z2JqwjKfMJUJextCm87dqCHIj+xGj0WxMbT/8v7G8mPyZ/uQDxH7n8kvJ2XgRr9Rxi0AAAAASUVORK5CYII=", "created": "2022-02-22 07:46:51", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882", "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000035", "id": 5007882, "type": "TOTP", "user": "admin", "fails": 0, "status": "C" } ``` ##### Example JSON SMS ```JSON { "type": "SMS", "user": "dilbert", "phone": "6665552222" } ``` ##### Example JSON EMAIL ```JSON { "type": "EMAIL", "user": "dilbert", "email": "dilbert@soffid.com" } ``` ##### Example JSON PIN ```JSON { "type": "PIN", "user": "dilbert", "email": "123456789" } ``` ### Update partial Only attributes with changes will be updated, the other will mantain the same value. This example shows how to enable an OTP device. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/OtpDevice/5007882 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "status", "value": "V" } ] } ``` ##### Response 200 OK ```JSON { "created": "2022-02-22 07:46:51", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000035", "id": 5007882, "type": "TOTP", "user": "admin", "fails": 0, "status": "V" } ``` ### Request Challenge This operation allows Soffid to obtain the PIN code for a specific OTP device. We can use this method to send an email or SMS, depending on the type of OTP device. ##### Request ```XML GET http:////soffid/webservice/scim2/v1/OtpDevice//requestChallenge ``` ##### Response 200 OK ```JSON { "cell": "PIN", "cardNumber": "SMS message to 66*****22" } ``` ### Response Challenge This operation allows you to validate a PIN code for a specific OTP device. ##### Request ```XML POST http:////soffid/webservice/scim2/v1/OtpDevice//responseChallenge ``` **JSON** ```JSON { "pin": "12345678" } ``` ##### Response 200 OK ```JSON { "success": false, "locked": false } ``` ### Delete In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.

Please note after this delete, the account has to be created again to use it in the next examples.

##### Request ```MarkDown DELETE - http:///soffid/webservice/scim2/v1/OtpDevice/5007967 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM OTP devices Workflows examples ## Workflow Examples ### Workflow 1 #### 1. Create Email OTP device ##### Request ```XML GET http:///soffid/webservice/scim2/v1/OtpDevice ``` **JSON** ```JSON { "type": "EMAIL", "user": "dilbert", "email": "dilbert@soffid.com" } ``` ##### Response 200 OK ```JSON { "created": "2022-03-09 13:39:52", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461", "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "Email message to di*****@so****.co*", "id": 5099461, "type": "EMAIL", "user": "dilbert", "fails": 0, "email": "dilbert@soffid.com", "status": "C" } ``` #### 2. RequestChallenge to get the PIN code ##### Request ```XML GET http:///soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallenge ``` ##### Response 200 OK ```JSON { "cell": "PIN", "cardNumber": "Email message to di*****@so****.co*" } ``` #### 3. ResponseChallenge to validate the PIN code ##### Request ```XML POST http:///soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallenge ``` **JSON** ```Java { "pin": "839231" } ``` ##### Response 200 OK ```JSON { "success": true, "locked": false } ``` #### 4. Enable OTP device ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/OtpDevice/5099461 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "status", "value": "V" } ] } ``` ##### Response ```JSON { "created": "2022-03-09 13:39:52", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "Email message to di*****@so****.co*", "id": 5099461, "type": "EMAIL", "user": "dilbert", "fails": 0, "email": "dilbert@soffid.com", "status": "V" } ``` ### Workflow 2 #### 1. Get TOTP devices Obtain all unused OTP devices by 2022. ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/OtpDevice?filter=lastUsed le "2022-01-01" ``` ##### Response 200 Ok ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 5, "startIndex": 1, "Resources": [ { "lastUsed": "2021-10-14 06:57:00", "created": "2021-10-14 06:44:43", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000001", "id": 4022880, "type": "TOTP", "user": "admin", "fails": 0, "status": "E" }, { "lastUsed": "2021-10-14 06:59:33", "created": "2021-10-14 06:58:05", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000002", "id": 4022891, "type": "TOTP", "user": "ckelp", "fails": 0, "status": "C" }, ..... ] } ``` #### 2. Disable OTP device Disble the OTP devices one by one ##### Request ```MarkDown PATCH http:///soffid/webservice/scim2/v1/OtpDevice/4022880 ``` **JSON** ```JSON { "Operations": [ { "op": "replace", "path": "status", "value": "D" } ] } ``` ##### Response 200 Ok ```JSON { "lastUsed": "2021-10-14 06:57:00", "created": "2021-10-14 06:44:43", "meta": { "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880", "links": { "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge", "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge" }, "resourceType": "OtpDevice" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice" ], "name": "TOTP00000001", "id": 4022880, "type": "TOTP", "user": "admin", "fails": 0, "status": "D" } ``` ## # SCIM for Federation SCIM for Service Providers # ⏰ Getting Started ## Introduction

Soffid allows you to combine two of the most powerful addons you can use into Soffid Console, **SCIM,** and **Federation**.

Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in [How to use SCIM in Soffid # Installation](https://bookstack.soffid.com/link/120#bkmrk-installation) Please note that a user with the authentication is required, please check this part in [How to use SCIM in Soffid # Confirm authorization](https://bookstack.soffid.com/link/120#bkmrk-confirm-authorizatio) Please note that it is recommended to use a REST client, please see our example in [Testing tool # RESTer](https://bookstack.soffid.com/link/118#bkmrk-rester) Please note that the correct header parameters must be used, please browse them in [SCIM in Soffid # HTTP request](https://bookstack.soffid.com/link/114#bkmrk-http-request) Please note that the Federation addon must be installed and configured, check it in [the Federation book](https://bookstack.soffid.com/books/federation)[.](https://bookstack.soffid.com/books/two-factor-authentication-2fa-VsJ/page/otp-settings) ### Identify Service Provider - **classe**: "S" ### Service providers Types Service providers types available - **SAML**: saml - **SAML API client**: soffid-saml - **OpenID Connect**: openid-connect - **OpenID Dynamic Register**: openid-dynamic-register - **Radius client**: radius - **CAS client**: cas ### Open Id Mechanism - PA: **User's password** - AC: **Authorization code** - PC: **User's password + Client credentials** - IM: **Implicit** ### Federation Operations Soffid provides an API that allows you to connect to the Federation microservices. The available operations are the following - List all - List by filter - Query by id - Create - Update - Delete

You can visit [the SCIM Federation Member examples](https://bookstack.soffid.com/books/scim/page/scim-federation-members-examples) and [the SCIM Entity Group examples](https://bookstack.soffid.com/books/scim/page/scim-entity-group-examples) page for more detailed information.

# SCIM Entity Group examples ## Operations This page shows the functions that can be performed for the Entity Group object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/EntityGroup ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "Soffid", "id": 6725679 }, { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 } ] } ``` ### List by filter List all entity groups with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/EntityGroup?filter=name co "test" ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "startIndex": 1, "Resources": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "Soffid", "id": 6725679 }, { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 } ] } ``` ### Query by id Query an entity group by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/EntityGroup/5462422 ``` ##### Response 200 OK ```JSON { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 } ``` ### Create #### Request ```XML POST http:///soffid/webservice/scim2/v1/EntityGroup ``` **JSON** ```JSON { "metadataUrl": "test-3", "name": "test-3" } ``` ##### Response 201 Created ```JSON { "metadataUrl": "test-3", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-3", "id": 6780695 } ``` ### Update partial Only attributes with changes will be updated, the others will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/EntityGroup/6780695 ``` **JSON** ```JSON { "Operations" : [ { "op" : "replace", "path" : "name", "value": "SP Cloud" }, { "op" : "replace", "path" : "metadataUrl", "value": "SP Cloud" } ] } ``` ##### Response 200 OK ```JSON { "metadataUrl": "SP Cloud", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "SP Cloud", "id": 6780695 } ``` ### Update all This operation replaces all values in the entity group. - Note that the attribute id is required to confirm that the resource "...EntityGroup/<id>" is the same that the JSON EntityGroup. - Note that all the attributes not included in the request will be cleared in the EntityGroup and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see the [Resource data model](https://bookstack.soffid.com/books/addons/page/resource-data-model "Resource data model") page ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/EntityGroup/1976590 ``` **JSON** ```JSON { "metadataUrl": "SP Cloud Test", "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "SP Cloud Test", "id": 6780695 } ``` ##### Response 200 OK ```JSON { "metadataUrl": "SP Cloud Test", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "SP Cloud Test", "id": 6780695 } ``` ### Delete

Please note, after this deletion, the entity group has to be created again to use it in the following examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/EntityGroup/6780695 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# SCIM Federation Members examples ## Operations This page shows the functions that can be performed for the Federation Member object. ### List all ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/FederationMember ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 15, "startIndex": 1, "Resources": [ { "internal": false, "allowRecover": false, "disableSSL": false, "impersonations": [], "roles": [], "ssoCookieName": "soffid_sso_session", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, "metadades": "{\n \"authorization_endpoint\": \"https://server/oauth2/auth\",\n \"token_endpoint\": \"https://server/oauth2/token\",\n \"userinfo_endpoint\": \"https://server/oauth2/userinfo\",\n \"scopes_supported\": [ \"openid\",\"email\",\"profile\"],\n \"display\": \"page\"\n}", "authenticationMethods": "P", "storeUser": false, "contact": "pgarcia@soffid.com", "loginHintScript": "loginHint", "id": 5999758, "enableCaptcha": false, "classe": "I", "idpType": "openid-connect", "keytabs": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/5999758", "resourceType": "FederationMember" }, "organization": "Soffid", "extendedAuthenticationMethods": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "OpenIDConnect_Test", "serviceProvider": [], "allowRegister": false, "publicId": "OpenIDConnect_ID" }, { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [], "registrationTokenExpiration": "2024-04-04 08:04:47", "uidExpression": "userName", "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798983", "resourceType": "AllowedScope" }, "scope": "*", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6798983 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798984", "resourceType": "AllowedScope" }, "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6798984 } ], "openidMechanism": [ "PA", "AC", "PC", "IM" ], "openidLogoutUrl": [], "openidSectorIdentifierUrl": "http://localhost:4204", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6796706", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "OpenIDDynamicRegister-Test2", "openidUrl": [], "id": 6796706, "maxRegistrations": 3, "allowRegister": false, "publicId": "OpenIDDynamicRegister-publicId-test2", "serviceProviderType": "openid-dynamic-register" }, ........ ] } ``` ### List by filter List all entity groups with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the [Sorting](https://bookstack.soffid.com/link/116#bkmrk-sorting) and [Pagination](https://bookstack.soffid.com/link/116#bkmrk-pagination) information.

##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/FederationMember?filter=name co "Dynamic" ``` ##### Response 200 OK ```JSON { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "startIndex": 1, "Resources": [ { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_USER@soffid" ], "registrationTokenExpiration": "2023-11-09 07:57:20", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980", "resourceType": "AllowedScope" }, "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6617980 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977", "resourceType": "AllowedScope" }, "scope": "*", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6617977 } ], "openidMechanism": [ "PA", "AC" ], "openidLogoutUrl": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "Dynamic Register SP", "openidUrl": [], "id": 6617976, "maxRegistrations": 2, "allowRegister": false, "publicId": "DR", "serviceProviderType": "openid-dynamic-register" }, { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_USER@soffid" ], "registrationTokenExpiration": "2022-11-10 00:00:00", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622593", "resourceType": "AllowedScope" }, "scope": "*", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6622593 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622594", "resourceType": "AllowedScope" }, "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6622594 } ], "openidMechanism": [], "openidLogoutUrl": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6622589", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "Dynamic Register SP 2", "openidUrl": [], "id": 6622589, "maxRegistrations": 1, "allowRegister": false, "publicId": "DR2", "serviceProviderType": "openid-dynamic-register" } ] } ``` ### Query by id Query a federation member by its id (primary key). ##### Request ```MarkDown GET http:///soffid/webservice/scim2/v1/FederationMember/6617976 ``` ##### Response 200 OK ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_USER@soffid" ], "registrationTokenExpiration": "2023-11-09 07:57:20", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-demoIdP", "id": 5462422 }, "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980", "resourceType": "AllowedScope" }, "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6617980 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977", "resourceType": "AllowedScope" }, "scope": "*", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6617977 } ], "openidMechanism": [ "PA", "AC" ], "openidLogoutUrl": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "Dynamic Register SP", "openidUrl": [], "id": 6617976, "maxRegistrations": 2, "allowRegister": false, "publicId": "DR", "serviceProviderType": "openid-dynamic-register" } ``` ### Create (SAML) #### Request ```XML POST http:///soffid/webservice/scim2/v1/FederationMember ``` **JSON** ```JSON { "name": "App SAML Cloud" , "publicId" : "http://:8090/apps/user_saml/saml/metadata", "classe": "S", "serviceProviderType": "saml", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 } } ``` #### Response 201 Created ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "keytabs": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6798992", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "App SAML Cloud", "id": 6798992, "allowRegister": false, "publicId": "http://:8090/apps/user_saml/saml/metadata", "serviceProviderType": "saml" } ``` ### Create (SAML API client) #### Request ```XML POST http:///soffid/webservice/scim2/v1/FederationMember ``` **JSON** ```JSON { "name": "Test-IdP" , "publicId" : "https://some.idp.com/identifier/", "classe": "S", "serviceProviderType": "soffid-saml", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 } } ``` #### Response 201 Created ```JSON { "classe": "S", "internal": true, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "keytabs": [], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787237", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "Test-IdP", "id": 6787237, "allowRegister": false, "publicId": "https://some.idp.com/identifier/", "serviceProviderType": "soffid-saml" } ``` ### Create (OpenID Connect) #### Request ```XML POST http:///soffid/webservice/scim2/v1/FederationMember ``` **JSON** ```JSON { "name": "AngularAppOpenID", "publicId": "AngularAppOpenID", "classe": "S", "serviceProviderType": "openid-connect", "roles": [ "SOFFID_HRMANAGER@soffid", "SOFFID_MUSIC@soffid" ], "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "allowedScopes": [ { "scope": "profile", "roles": [ "SOFFID_MUSIC@soffid" ], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ] }, { "scope": "email", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ] } ], "openidMechanism": [ "PA", "AC", "PC", "IM" ], "openidUrl": [ "http://localhost:4204" ], "openidClientId" : "angularClientID", "openidSecret": "XXXXXXX", "openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul", "openidLogoutUrlBack": "", "openidLogoutUrl" : [], "openidSectorIdentifierUrl": "" } ```
📌 openidMechanism - PA: User's password - AC: Authorization code - PC: User's password + Client credentials - IM: Implicit
#### Response 201 Created ```JSON { "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_MUSIC@soffid", "SOFFID_HRMANAGER@soffid" ], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "openidLogoutUrlBack": "", "openidMechanism": [ "PA", "AC", "PC", "IM" ], "openidSecret": { "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.api.Digest" ] }, "id": 6787194, "serviceProviderType": "openid-connect", "classe": "S", "openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul", "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199", "resourceType": "AllowedScope" }, "scope": "email", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787199 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197", "resourceType": "AllowedScope" }, "scope": "profile", "roles": [ "SOFFID_MUSIC@soffid" ], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787197 }, { "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ] } ], "openidLogoutUrl": [], "openidSectorIdentifierUrl": "", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "AngularAppOpenID", "openidClientId": "angularClientID", "openidUrl": [ "http://localhost:4204" ], "allowRegister": false, "publicId": "AngularAppOpenID" } ``` ### Create (Radius) #### Request ```XML POST http:///soffid/webservice/scim2/v1/FederationMember ``` **JSON** ```JSON { "name": "SP-RADIUS" , "publicId" : "SP-RADIUS-publicId", "classe": "S", "serviceProviderType" : "radius", "radiusSecret" : "XXxxzzaasssDD", "sourceIps": "127.0.01,192.168.133.0/24", "roles": ["SOFFID_HRMANAGER@soffid", "SOFFID_MUSIC@soffid"], "system": "BABELTEST", "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 } } ``` #### Response 201 Created ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_MUSIC@soffid", "SOFFID_HRMANAGER@soffid" ], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "keytabs": [], "sourceIps": "127.0.01,192.168.133.0/24", "system": "BABELTEST", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787250", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "SP-RADIUS", "radiusSecret": "5GsnYxLvT0D0W4GQ9Zae", "id": 6787250, "allowRegister": false, "publicId": "SP-RADIUS-publicId", "serviceProviderType": "radius" } ``` ### Create (Cas) #### Request ```XML POST http:///soffid/webservice/scim2/v1/FederationMember ``` **JSON** ```JSON { "name": "CAS", "publicId": "CAS-publicId", "classe": "S", "serviceProviderType": "cas", "roles": [ "SOFFID_HRMANAGER@soffid", "SOFFID_MUSIC@soffid" ], "system": "BABELTEST", "consent": true, "entityGroup": { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "openidUrl": [ "https://www.testcasserver.lab/cas/" ], "openidLogoutUrl": [ "https://www.testcasserver.lab/cas/logout?service=" ] } ``` #### Response 201 Created ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_MUSIC@soffid", "SOFFID_HRMANAGER@soffid" ], "consent": true, "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "keytabs": [], "system": "BABELTEST", "openidLogoutUrl": [ "https://www.testcasserver.lab/cas/logout?service=" ], "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6804777", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "CAS", "openidUrl": [ "https://www.testcasserver.lab/cas/" ], "id": 6804777, "allowRegister": false, "publicId": "CAS-publicId", "serviceProviderType": "cas" } ``` ### Create (OpenID Dynamic Register) The OpenID Dynamic Register has to be created in the Soffid console

For more information, you can visit [the Openid-connect Dynamic Register documentation](https://bookstack.soffid.com/link/392#bkmrk-openid-connect-dynam)

### Update partial Only attributes with changes will be updated, the others will maintain the same value. ##### Request ```XML PATCH http:///soffid/webservice/scim2/v1/FederationMember/6787388 ``` **JSON** ```JSON { "Operations" : [ { "op" : "replace", "path" : "openidMechanism", "value": ["AC", "PC"] }, { "op" : "replace", "path" : "consent", "value": "true" } ] } ``` ##### Response 200 OK ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul", "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_MUSIC@soffid", "SOFFID_HRMANAGER@soffid" ], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "openidLogoutUrlBack": "", "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199", "resourceType": "AllowedScope" }, "scope": "email", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787199 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197", "resourceType": "AllowedScope" }, "scope": "profile", "roles": [ "SOFFID_MUSIC@soffid" ], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787197 }, { "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ] } ], "openidMechanism": [ "AC", "PC" ], "openidLogoutUrl": [], "openidSectorIdentifierUrl": "", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "AngularAppOpenID", "openidClientId": "angularClientID", "openidUrl": [ "http://localhost:4204" ], "id": 6787194, "allowRegister": false, "publicId": "AngularAppOpenID", "serviceProviderType": "openid-connect" } ``` ### Update all This operation replaces all values in the entity group. - Note that the attribute id is required to confirm that the resource "...EntityGroup/<id>" is the same that the JSON EntityGroup. - Note that all the attributes not included in the request will be cleared in the EntityGroup and their data will be lost. - Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see the [Resource data model](https://bookstack.soffid.com/books/addons/page/resource-data-model "Resource data model") page ##### Request ```XML PUT http:///soffid/webservice/scim2/v1/EntityGroup/6787194 ``` **JSON** ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul", "virtualIdentityProvider": [], "impersonations": [], "roles": [ ], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "openidLogoutUrlBack": "", "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199", "resourceType": "AllowedScope" }, "scope": "email", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787199 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197", "resourceType": "AllowedScope" }, "scope": "profile", "roles": [ "SOFFID_MUSIC@soffid" ], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787197 }, { "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ] } ], "openidMechanism": [ "PA", "AC", "PC", "IM" ], "openidLogoutUrl": [], "openidSectorIdentifierUrl": "", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "AngularAppOpenID", "openidClientId": "angularClientID", "openidUrl": [ "http://localhost:4204" ], "allowRegister": false, "publicId": "AngularAppOpenID", "serviceProviderType": "openid-connect" } ``` ##### Response 200 OK ```JSON { "classe": "S", "internal": false, "allowRecover": false, "disableSSL": false, "openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul", "virtualIdentityProvider": [], "impersonations": [], "roles": [ "SOFFID_MUSIC@soffid", "SOFFID_HRMANAGER@soffid" ], "entityGroup": { "metadataUrl": "test-2", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683", "resourceType": "EntityGroup" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup" ], "name": "test-2", "id": 6780683 }, "openidLogoutUrlBack": "", "keytabs": [], "allowedScopes": [ { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6802723", "resourceType": "AllowedScope" }, "scope": "openid", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6802723 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199", "resourceType": "AllowedScope" }, "scope": "email", "roles": [], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787199 }, { "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197", "resourceType": "AllowedScope" }, "scope": "profile", "roles": [ "SOFFID_MUSIC@soffid" ], "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope" ], "id": 6787197 } ], "openidMechanism": [ "PA", "AC", "PC", "IM" ], "openidLogoutUrl": [], "openidSectorIdentifierUrl": "", "meta": { "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194", "resourceType": "FederationMember" }, "schemas": [ "urn:soffid:com.soffid.iam.addons.federation.common.FederationMember" ], "name": "AngularAppOpenID", "openidClientId": "angularClientID", "openidUrl": [ "http://localhost:4204" ], "id": 6787194, "allowRegister": false, "publicId": "AngularAppOpenID", "serviceProviderType": "openid-connect" } ``` ### Delete

Please note, after this deletion, the entity group has to be created again to use it in the following examples.

##### Request ```MarkDown DELETE http:///soffid/webservice/scim2/v1/FederationMember/6784722 ``` ##### Response 204 No Content ``` 204 No Content ``` ### Error response

For more information about error response visit [https://bookstack.soffid.com/link/116#bkmrk-error-response](https://bookstack.soffid.com/link/116#bkmrk-error-response)

# Cross-Origin Resource Sharing (CORS) By default, for security reasons, the SCIM interface is published for any server application, but not for client-side (javascript) applications. In order to allow client-side applications to query or modify SCIM objects, the CORS protocol states how to define the restrictions that apply to client-side applications. CORS settings can be tuned adding two [parameters:](https://bookstack.soffid.com/books/soffid-3-reference-guide/page/soffid-parameters "Soffid parameters")
ParameterValue
**soffid.scim.cors.origin**Set a comma separated list of DNS domains allowed to perform SCIM operations. Set to \* to allow access from any domain
**soffid.scim.cors.methods**Set a comma-separated list of allowed operations. By default, it is set to **GET, OPTIONS, HEAD** To allow any operation, set it to **GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD**
These parameters can be changed in real-time for any tenant. Mind that setting these values for the master tenant applies to master tenant, but also applies as default values for any child tenant. # Textual Index # Textual Index {{@875}} # Operation {{@876}}